Move all CRDs into templates
All CRDs are moved into templates so that they can be maintained
by helm. An extra crds.yaml file is generated for those who
have createCRDs set to false.

Further, an annotation is added so that helm won't garbage
collect CRDs and delete functions when people do an update by
mistakenly running uninstall then install, instead of
helm upgrade --install.

Signed-off-by: Alex Ellis (OpenFaaS Ltd) <[email protected]>
alexellis committed May 10, 2024
1 parent b478084 commit 3b25335
Showing 22 changed files with 6,245 additions and 3,779 deletions.
2,119 changes: 2,119 additions & 0 deletions artifacts/crds/crds.yaml

Large diffs are not rendered by default.

125 changes: 64 additions & 61 deletions artifacts/crds/iam.openfaas.com_jwtissuers.yaml
@@ -3,6 +3,9 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/name: openfaas
name: jwtissuers.iam.openfaas.com
spec:
group: iam.openfaas.com
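Review bot: the `helm.sh/resource-policy: keep` annotation added under metadata.annotations means an uninstall now leaves this CRD, and every JwtIssuer object stored under it, in the cluster, and nothing visible in the change documents that. Because these objects define JWT issuers, please add a note to the chart README or NOTES.txt stating that issuer configuration survives `helm uninstall` and has to be removed by hand (kubectl delete crd jwtissuers.iam.openfaas.com) when a clean teardown is wanted. The same applies to the identical annotation added in iam.openfaas.com_policies.yaml.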
@@ -13,65 +16,65 @@ spec:
singular: jwtissuer
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.iss
name: Issuer
type: string
- jsonPath: .spec.aud
name: Audience
type: string
- jsonPath: .spec.tokenExpiry
name: Expiry
type: string
name: v1
schema:
openAPIV3Schema:
description: JwtIssuer is used to define a JWT issuer for a function
type: object
required:
- spec
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: JwtIssuerSpec is the spec for a JwtIssuer resource
type: object
required:
- aud
- iss
properties:
aud:
description: |-
Audience is the intended audience of the JWT, at times, like with Auth0 this is the
client ID of the app, and not our validating server
type: array
items:
type: string
iss:
description: Issuer is the issuer of the JWT
- additionalPrinterColumns:
- jsonPath: .spec.iss
name: Issuer
type: string
- jsonPath: .spec.aud
name: Audience
type: string
- jsonPath: .spec.tokenExpiry
name: Expiry
type: string
name: v1
schema:
openAPIV3Schema:
description: JwtIssuer is used to define a JWT issuer for a function
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: JwtIssuerSpec is the spec for a JwtIssuer resource
properties:
aud:
description: |-
Audience is the intended audience of the JWT, at times, like with Auth0 this is the
client ID of the app, and not our validating server
items:
type: string
issInternal:
description: |-
IssuerInternal provides an alternative URL to use to download the public key
for this issuer. It's useful for the system issuer.
type: string
tokenExpiry:
type: string
served: true
storage: true
subresources: {}
type: array
iss:
description: Issuer is the issuer of the JWT
type: string
issInternal:
description: |-
IssuerInternal provides an alternative URL to use to download the public key
for this issuer. It's useful for the system issuer.
type: string
tokenExpiry:
type: string
required:
- aud
- iss
type: object
required:
- spec
type: object
served: true
storage: true
subresources: {}
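Review bot: under spec.properties, `issInternal` is described as the URL used to download the issuer's public key, yet it is validated only as `type: string`, and `tokenExpiry` has neither a description nor a format. Since the file carries the controller-gen annotation, consider adding validation markers on the Go type (a Pattern or Format for the URL fields, a documented duration format for tokenExpiry) so that a malformed key-download location is rejected at admission. `aud` is required but has no minimum item count, so an empty list would also pass the schema.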
160 changes: 79 additions & 81 deletions artifacts/crds/iam.openfaas.com_policies.yaml
@@ -3,6 +3,9 @@ kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
helm.sh/resource-policy: keep
labels:
app.kubernetes.io/name: openfaas
name: policies.iam.openfaas.com
spec:
group: iam.openfaas.com
@@ -13,86 +16,81 @@ spec:
singular: policy
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .spec.statement
name: Statement
type: string
name: v1
schema:
openAPIV3Schema:
description: Policy is used to define a policy for a function
type: object
required:
- spec
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
type: object
required:
- statement
properties:
statement:
type: array
items:
type: object
required:
- action
- effect
- resource
- sid
properties:
action:
description: Action is a set of actions that the policy applies to i.e. Function:Read
type: array
items:
type: string
condition:
description: |-
Condition is a set of conditions that the policy applies to
{
"StringLike": {
"jwt:https://my-identity-provider.com#sub-id": [
"1234567890",
"0987654321"
],
}
}
type: object
additionalProperties:
type: object
additionalProperties:
type: array
items:
type: string
effect:
description: Effect is the effect of the policy - only Allow is supported
- additionalPrinterColumns:
- jsonPath: .spec.statement
name: Statement
type: string
name: v1
schema:
openAPIV3Schema:
description: Policy is used to define a policy for a function
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
statement:
items:
properties:
action:
description: Action is a set of actions that the policy applies
to i.e. Function:Read
items:
type: string
resource:
description: |-
Resource is a set of resources that the policy applies to - only namespaces are supported at
present
type: array
items:
type: string
sid:
description: SID is the unique identifier for the policy
type: array
condition:
additionalProperties:
additionalProperties:
items:
type: string
type: array
type: object
description: "Condition is a set of conditions that the policy
applies to\n{\n\t\"StringLike\": {\n\t\t\"jwt:https://my-identity-provider.com#sub-id\":
[\n\t\t\t\"1234567890\",\n\t\t\t\"0987654321\"\n\t\t],\n\t}\n}"
type: object
effect:
description: Effect is the effect of the policy - only Allow
is supported
type: string
resource:
description: |-
Resource is a set of resources that the policy applies to - only namespaces are supported at
present
items:
type: string
served: true
storage: true
subresources: {}
type: array
sid:
description: SID is the unique identifier for the policy
type: string
required:
- action
- effect
- resource
- sid
type: object
type: array
required:
- statement
type: object
required:
- spec
type: object
served: true
storage: true
subresources: {}
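Review bot: in the statement item properties, `effect` is documented as "only Allow is supported" but the schema accepts any string; an enum restricted to Allow would reject anything else at admission instead of storing a statement whose effect the description calls unsupported. In the same hunk the `condition` description has become a double-quoted string full of \n and \t escapes, which is harder to read than the previous block scalar, and its JSON example has a trailing comma after the closing `]`, so it does not parse when copied. Both are worth fixing in the source comment that controller-gen reads.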