Skip to content

Commit

Permalink
Add conditions to the Function CRD status
Browse files Browse the repository at this point in the history 
In order to show when a secret etc is missing, or when the
reconciliation is complete from Function to Deployment/Service
conditions are added to the status of the Function.

Stalled = unable to fully reconcile
Ready = reconciled
Healthy = Pod available for a request

Also adds functions/status to the RBAC for the operator.

Signed-off-by: Alex Ellis (OpenFaaS Ltd) <[email protected]>
  • Loading branch information
@alexellis
alexellis committed Apr 29, 2024
1 parent 23e66ca commit d94b9b9
Show file tree
Hide file tree
Showing 14 changed files with 437 additions and 853 deletions.
24 changes: 6 additions & 18 deletions artifacts/crds/iam.openfaas.com_jwtissuers.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,8 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: jwtissuers.iam.openfaas.com
spec:
group: iam.openfaas.com
Expand Down Expand Up @@ -32,19 +33,10 @@ spec:
- spec
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
Expand All @@ -56,19 +48,15 @@ spec:
- iss
properties:
aud:
description: |-
Audience is the intended audience of the JWT, at times, like with Auth0 this is the
client ID of the app, and not our validating server
description: Audience is the intended audience of the JWT, at times, like with Auth0 this is the client ID of the app, and not our validating server
type: array
items:
type: string
iss:
description: Issuer is the issuer of the JWT
type: string
issInternal:
description: |-
IssuerInternal provides an alternative URL to use to download the public key
for this issuer. It's useful for the system issuer.
description: IssuerInternal provides an alternative URL to use to download the public key for this issuer. It's useful for the system issuer.
type: string
tokenExpiry:
type: string
Expand Down
31 changes: 6 additions & 25 deletions artifacts/crds/iam.openfaas.com_policies.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,8 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: policies.iam.openfaas.com
spec:
group: iam.openfaas.com
Expand All @@ -26,19 +27,10 @@ spec:
- spec
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
Expand All @@ -63,16 +55,7 @@ spec:
items:
type: string
condition:
description: |-
Condition is a set of conditions that the policy applies to
{
"StringLike": {
"jwt:https://my-identity-provider.com#sub-id": [
"1234567890",
"0987654321"
],
}
}
description: 'Condition is a set of conditions that the policy applies to { "StringLike": { "jwt:https://my-identity-provider.com#sub-id": [ "1234567890", "0987654321" ], } }'
type: object
additionalProperties:
type: object
Expand All @@ -84,9 +67,7 @@ spec:
description: Effect is the effect of the policy - only Allow is supported
type: string
resource:
description: |-
Resource is a set of resources that the policy applies to - only namespaces are supported at
present
description: Resource is a set of resources that the policy applies to - only namespaces are supported at present
type: array
items:
type: string
Expand Down
38 changes: 7 additions & 31 deletions artifacts/crds/iam.openfaas.com_roles.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,8 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: roles.iam.openfaas.com
spec:
group: iam.openfaas.com
Expand Down Expand Up @@ -32,40 +33,19 @@ spec:
- spec
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: |-
RoleSpec maps a number of principals or attributes within a JWT to
a set of policies.
description: RoleSpec maps a number of principals or attributes within a JWT to a set of policies.
type: object
properties:
condition:
description: |-
Condition is a set of conditions that can be used instead of a principal
to match against claims within a JWT
{
"StringLike": {
"jwt:https://my-identity-provider.com#sub-id": [
"1234567890",
"0987654321"
],
}
}
description: 'Condition is a set of conditions that can be used instead of a principal to match against claims within a JWT { "StringLike": { "jwt:https://my-identity-provider.com#sub-id": [ "1234567890", "0987654321" ], } }'
type: object
additionalProperties:
type: object
Expand All @@ -79,11 +59,7 @@ spec:
items:
type: string
principal:
description: |-
Principal is the principal that the role applies to i.e.
{
"jwt:sub":["repo:alexellis/minty:ref:refs/heads/master"]
}
description: Principal is the principal that the role applies to i.e. { "jwt:sub":["repo:alexellis/minty:ref:refs/heads/master"] }
type: object
additionalProperties:
type: array
Expand Down
84 changes: 71 additions & 13 deletions artifacts/crds/openfaas.com_functions.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,8 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.14.0
controller-gen.kubebuilder.io/version: v0.11.3
creationTimestamp: null
name: functions.openfaas.com
spec:
group: openfaas.com
Expand All @@ -17,6 +18,18 @@ spec:
- jsonPath: .spec.image
name: Image
type: string
- jsonPath: .status.conditions[?(@.type == "Ready")].status
name: Ready
type: string
- jsonPath: .status.conditions[?(@.type == "Healthy")].status
name: Healthy
type: string
- jsonPath: .status.replicas
name: Replicas
type: string
- jsonPath: .status.availableReplicas
name: Available
type: string
name: v1
schema:
openAPIV3Schema:
Expand All @@ -26,19 +39,10 @@ spec:
- spec
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
Expand Down Expand Up @@ -93,6 +97,60 @@ spec:
type: array
items:
type: string
status:
type: object
properties:
availableReplicas:
type: integer
format: int32
conditions:
description: Conditions contains observations of the resource's state.
type: array
items:
description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, \n type FooStatus struct{ // Represents the observations of a foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
type: object
required:
- lastTransitionTime
- message
- reason
- status
- type
properties:
lastTransitionTime:
description: lastTransitionTime is the last time the condition transitioned from one status to another. This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
type: string
format: date-time
message:
description: message is a human readable message indicating details about the transition. This may be an empty string.
type: string
maxLength: 32768
observedGeneration:
description: observedGeneration represents the .metadata.generation that the condition was set based upon. For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date with respect to the current state of the instance.
type: integer
format: int64
minimum: 0
reason:
description: reason contains a programmatic identifier indicating the reason for the condition's last transition. Producers of specific condition types may define expected values and meanings for this field, and whether the values are considered a guaranteed API. The value should be a CamelCase string. This field may not be empty.
type: string
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
status:
description: status of the condition, one of True, False, Unknown.
type: string
enum:
- "True"
- "False"
- Unknown
type:
description: type of condition in CamelCase or in foo.example.com/CamelCase. --- Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be useful (see .node.status.conditions), the ability to deconflict is important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
type: string
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
replicas:
type: integer
format: int32
served: true
storage: true
subresources: {}
subresources:
status: {}
Loading

0 comments on commit d94b9b9

Please sign in to comment.