diff --git a/api/v1alpha1/common.go b/api/v1alpha1/common.go
index 19ecccbaf..bc973717e 100644
--- a/api/v1alpha1/common.go
+++ b/api/v1alpha1/common.go
@@ -23,3 +23,35 @@ type Providers struct {
 // ControlPlaneProviders is the list of CAPI control plane providers
 ControlPlaneProviders []string `json:"controlPlane,omitempty"`
 }
+
+const (
+ // Provider CAPA
+ ProviderCAPAName = "cluster-api-provider-aws"
+ ProviderCAPASecretName = "aws-variables"
+ // Provider Azure
+ ProviderAzureName = "cluster-api-provider-azure"
+ // Provider K0smotron
+ ProviderK0smotronName = "k0smotron"
+ // Provider Sveltos
+ ProviderSveltosName = "projectsveltos"
+ ProviderSveltosTargetNamespace = "projectsveltos"
+ ProviderSveltosCreateNamespace = true
+)
+
+var (
+ // DefaultProviders is a map of providers that are
+ // installed by default, each with its default config.
+ DefaultProviders = map[string]map[string]interface{}{
+ ProviderCAPAName: {
+ "configSecret": map[string]interface{}{
+ "name": ProviderCAPASecretName,
+ },
+ },
+ ProviderAzureName: nil,
+ ProviderK0smotronName: nil,
+ ProviderSveltosName: {
+ "targetNamespace": ProviderSveltosTargetNamespace,
+ "createNamespace": ProviderSveltosCreateNamespace,
+ },
+ }
+)
diff --git a/api/v1alpha1/management_types.go b/api/v1alpha1/management_types.go
index a53e47ad8..dee9f68dd 100644
--- a/api/v1alpha1/management_types.go
+++ b/api/v1alpha1/management_types.go
@@ -15,6 +15,9 @@ package v1alpha1 import ( + "encoding/json" + "fmt" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/yaml"
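Review bot: In api/v1alpha1/common.go, `DefaultProviders` is an exported package-level `var` holding nested maps, so any package that imports the API types can alter the defaults that every later `SetProvidersDefaults` call reads; nothing visible in this commit needs it to be writable from outside. Consider keeping the map unexported, or exposing a function that returns a fresh copy. The Sveltos entry also stores `targetNamespace` and `createNamespace` as provider config, which `SetProvidersDefaults` marshals into `Component.Config` and the management controller passes on as Helm `Values`, while `wrappedComponents` sets the release namespace separately from the same constants; if the chart does not read those two values, the entry could be `ProviderSveltosName: nil`. The `// Provider …` group comments would be more useful as per-constant doc comments, e.g. `// ProviderCAPASecretName is the name of the Secret referenced by the default CAPA provider config.`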
@@ -24,11 +27,16 @@ const ( DefaultCoreHMCTemplate = "hmc" DefaultCoreCAPITemplate = "cluster-api" - DefaultCAPAConfig = `{ - "configSecret": { - "name": "aws-variables" - } - }` + // DefaultCAPAConfig = `{ + // "configSecret": { + // "name": "aws-variables" + // } + // }` + + // DefaultSveltosConfig = `{ + // "targetNamespace": "projectsveltos", + // "createNamespace": true, + // }` ManagementName = "hmc" @@ -92,21 +100,28 @@ func (m *ManagementSpec) SetDefaults() bool { return true } -func (m *ManagementSpec) SetProvidersDefaults() { - m.Providers = []Component{ - { - Template: "k0smotron", - }, - { - Template: "cluster-api-provider-aws", - Config: &apiextensionsv1.JSON{ - Raw: []byte(DefaultCAPAConfig), - }, - }, - { - Template: "cluster-api-provider-azure", - }, +func (m *ManagementSpec) SetProvidersDefaults() error { + providers := []Component{} + + for name, config := range DefaultProviders { + c := Component{ + Template: name, + } + + if len(config) > 0 { + b, err := json.Marshal(config) + if err != nil { + return fmt.Errorf("failed to marshal config for %s provider: %w", name, err) + } + + c.Config = &apiextensionsv1.JSON{Raw: b} + } + + providers = append(providers, c) } + + m.Providers = providers + return nil } // ManagementStatus defines the observed state of Management diff --git a/hack/templates.sh b/hack/templates.sh index a17a222ee..67b8f36e9 100755 --- a/hack/templates.sh +++ b/hack/templates.sh @@ -31,7 +31,6 @@ for chart in $TEMPLATES_DIR/*; do name=$(grep '^name:' $chart/Chart.yaml | awk '{print $2}') if [ "$name" = "$HMC_TEMPLATES_CHART_NAME" ]; then continue; fi version=$(grep '^version:' $chart/Chart.yaml | awk '{print $2}') - cat < $TEMPLATES_OUTPUT_DIR/$name.yaml apiVersion: hmc.mirantis.com/v1alpha1 kind: Template diff --git a/internal/controller/managedcluster_controller.go b/internal/controller/managedcluster_controller.go index d7e2561e6..487eea2c7 100644 --- a/internal/controller/managedcluster_controller.go 
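Review bot: The const block in api/v1alpha1/management_types.go now carries two commented-out constants, the old `DefaultCAPAConfig` and a new `DefaultSveltosConfig`, and neither is referenced by the new code visible in this commit. The same defaults now live in `DefaultProviders` in common.go, so these comment lines can be deleted; version control keeps the old literal. As written, the commented `DefaultSveltosConfig` also has a trailing comma after `true`, so it would not be valid JSON if someone revived it.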
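Review bot: `SetProvidersDefaults` builds `m.Providers` by ranging over the `DefaultProviders` map, and Go randomises map iteration order, so the provider list can come out in a different order on each call, unlike the fixed slice literal it replaces. Iterating over sorted keys keeps the created Management object reproducible and stable for tests or comparisons; the sketch below needs `sort` added to the import block, which is changed in a separate hunk. The method also has no doc comment; `// SetProvidersDefaults replaces m.Providers with the default provider set and returns an error if a default config cannot be marshalled.` would cover the new error return.

```go
func (m *ManagementSpec) SetProvidersDefaults() error {
	names := make([]string, 0, len(DefaultProviders))
	for name := range DefaultProviders {
		names = append(names, name)
	}
	sort.Strings(names)

	providers := make([]Component, 0, len(names))
	for _, name := range names {
		config := DefaultProviders[name]
		// … unchanged: build Component, marshal non-empty config, append …
	}
	// … unchanged: assign m.Providers and return nil …
```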
+++ b/internal/controller/managedcluster_controller.go @@ -266,8 +266,11 @@ func (r *ManagedClusterReconciler) Update(ctx context.Context, l logr.Logger, ma UID: managedCluster.UID, } - hr, _, err := helm.ReconcileHelmRelease(ctx, r.Client, managedCluster.Name, managedCluster.Namespace, managedCluster.Spec.Config, - ownerRef, template.Status.ChartRef, defaultReconcileInterval, nil) + hr, _, err := helm.ReconcileHelmRelease2(ctx, r.Client, managedCluster.Name, managedCluster.Namespace, helm.ReconcileHelmReleaseOpts{ + Values: managedCluster.Spec.Config, + OwnerReference: ownerRef, + ChartRef: template.Status.ChartRef, + }) if err != nil { apimeta.SetStatusCondition(managedCluster.GetConditions(), metav1.Condition{ Type: hmc.HelmReleaseReadyCondition, diff --git a/internal/controller/management_controller.go b/internal/controller/management_controller.go index a86be05c6..d4cb62d49 100644 --- a/internal/controller/management_controller.go +++ b/internal/controller/management_controller.go @@ -100,8 +100,10 @@ func (r *ManagementReconciler) Update(ctx context.Context, management *hmc.Manag components := wrappedComponents(management) for _, component := range components { + fmt.Printf("\n>>>>>>>>>>>>>>>>>>>>>>>>> component.Template = %s >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n", component.Template) template := &hmc.Template{} err := r.Get(ctx, types.NamespacedName{ + // WAHAB: 3 Namespace: r.SystemNamespace, Name: component.Template, }, template) 
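Review bot: The added `fmt.Printf` banner at the top of the component loop in `ManagementReconciler.Update` (internal/controller/management_controller.go) looks like leftover debugging output: it writes to stdout for every component on every call, bypasses the controller's structured logger, and formats `component.Template` with `%s`, so a value that is not validated elsewhere would reach the process output unescaped. Drop the line, or log through the logger the reconciler already uses with the template name as a key/value field. The `// WAHAB: 3` marker inside the `types.NamespacedName` literal, `// WAHAB: 2` in release_controller.go and the `WAHAB 4:` prefix in template_controller.go are personal breadcrumbs and should go too; the namespace constraint described after `WAHAB 4` is worth keeping as a plain comment. `Update` starts and ends outside this hunk.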
@@ -118,8 +120,13 @@ func (r *ManagementReconciler) Update(ctx context.Context, management *hmc.Manag continue } - _, _, err = helm.ReconcileHelmRelease(ctx, r.Client, component.HelmReleaseName(), r.SystemNamespace, component.Config, - nil, template.Status.ChartRef, defaultReconcileInterval, component.dependsOn) + _, _, err = helm.ReconcileHelmRelease2(ctx, r.Client, component.HelmReleaseName(), r.SystemNamespace, helm.ReconcileHelmReleaseOpts{ + Values: component.Config, + ChartRef: template.Status.ChartRef, + DependsOn: component.dependsOn, + TargetNamespace: component.targetNamespace, + CreateNamespace: component.createNamespace, + }) if err != nil { errMsg := fmt.Sprintf("error reconciling HelmRelease %s/%s: %s", r.SystemNamespace, component.Template, err) updateComponentsStatus(detectedComponents, &detectedProviders, component.Template, template.Status, errMsg) 
@@ -213,19 +220,31 @@ func (r *ManagementReconciler) removeHelmRepositories(ctx context.Context, opts type component struct { hmc.Component + // helm release dependencies - dependsOn []meta.NamespacedObjectReference + dependsOn []meta.NamespacedObjectReference + targetNamespace string + createNamespace bool } func wrappedComponents(mgmt *hmc.Management) (components []component) { if mgmt.Spec.Core == nil { return } + components = append(components, component{Component: mgmt.Spec.Core.HMC}) components = append(components, component{Component: mgmt.Spec.Core.CAPI, dependsOn: []meta.NamespacedObjectReference{{Name: mgmt.Spec.Core.HMC.Template}}}) - for provider := range mgmt.Spec.Providers { - components = append(components, component{Component: mgmt.Spec.Providers[provider], dependsOn: []meta.NamespacedObjectReference{{Name: mgmt.Spec.Core.CAPI.Template}}}) + + for i := range mgmt.Spec.Providers { + c := component{Component: mgmt.Spec.Providers[i], dependsOn: []meta.NamespacedObjectReference{{Name: mgmt.Spec.Core.CAPI.Template}}} + + if mgmt.Spec.Providers[i].Template == hmc.ProviderSveltosName { + c.targetNamespace = hmc.ProviderSveltosTargetNamespace + c.createNamespace = hmc.ProviderSveltosCreateNamespace + } + components = append(components, c) } + return } diff --git a/internal/controller/release_controller.go b/internal/controller/release_controller.go index 6b63669fb..101f405c0 100644 --- a/internal/controller/release_controller.go +++ b/internal/controller/release_controller.go @@ -128,7 +128,10 @@ func (p *Poller) ensureManagement(ctx context.Context) error { if !apierrors.IsNotFound(err) { return fmt.Errorf("failed to get %s Management object", hmc.ManagementName) } - mgmtObj.Spec.SetProvidersDefaults() + + if err := mgmtObj.Spec.SetProvidersDefaults(); err != nil { + return err + } getter := helm.NewMemoryRESTClientGetter(p.Config, p.RESTMapper()) actionConfig := new(action.Configuration) 
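Review bot: In `wrappedComponents` (internal/controller/management_controller.go) the install namespace is applied by comparing `mgmt.Spec.Providers[i].Template` with `hmc.ProviderSveltosName`, so any provider entry carrying that template name is installed into `projectsveltos` with namespace creation enabled, and no other provider can set either field. If that special case is intended, say so in a comment next to the `if`; otherwise consider deriving both settings from the component itself rather than from a name match. The new `targetNamespace` and `createNamespace` fields also sit under `// helm release dependencies`, which describes only `dependsOn`; give each its own comment, e.g. `// targetNamespace is the namespace the release is installed into; empty means the HelmRelease's own namespace` and `// createNamespace makes helm-controller create targetNamespace on install`.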
@@ -164,6 +167,7 @@ func (p *Poller) ensureManagement(ctx context.Context) error { Raw: rawConfig, } + // WAHAB: 2 err = p.Create(ctx, mgmtObj) if err != nil { return fmt.Errorf("failed to create %s Management object: %s", hmc.ManagementName, err) @@ -190,7 +194,7 @@ func (p *Poller) reconcileDefaultHelmRepo(ctx context.Context) error { helmRepo.Spec = sourcev1.HelmRepositorySpec{ Type: p.DefaultRepoType, URL: p.DefaultRegistryURL, - Interval: metav1.Duration{Duration: defaultReconcileInterval}, + Interval: metav1.Duration{Duration: helm.DefaultReconcileInterval}, Insecure: p.InsecureRegistry, } if p.RegistryCredentialsSecret != "" { @@ -234,7 +238,7 @@ func (p *Poller) reconcileHMCTemplates(ctx context.Context) error { Kind: sourcev1.HelmRepositoryKind, Name: defaultRepoName, }, - Interval: metav1.Duration{Duration: defaultReconcileInterval}, + Interval: metav1.Duration{Duration: helm.DefaultReconcileInterval}, } return nil }) @@ -255,7 +259,9 @@ func (p *Poller) reconcileHMCTemplates(ctx context.Context) error { Name: helmChart.Name, Namespace: helmChart.Namespace, } - _, operation, err = helm.ReconcileHelmRelease(ctx, p.Client, hmcTemplatesReleaseName, p.SystemNamespace, nil, nil, chartRef, defaultReconcileInterval, nil) + _, operation, err = helm.ReconcileHelmRelease2(ctx, p.Client, hmcTemplatesReleaseName, p.SystemNamespace, helm.ReconcileHelmReleaseOpts{ + ChartRef: chartRef, + }) if err != nil { return err } diff --git a/internal/controller/template_controller.go b/internal/controller/template_controller.go index eb0ffe0c4..6f9cb4186 100644 --- a/internal/controller/template_controller.go +++ b/internal/controller/template_controller.go @@ -19,7 +19,6 @@ import ( "encoding/json" "fmt" "strings" - "time" helmcontrollerv2 "github.com/fluxcd/helm-controller/api/v2" v2 "github.com/fluxcd/helm-controller/api/v2" 
@@ -39,8 +38,7 @@ import ( ) const ( - defaultRepoName = "hmc-templates" - defaultReconcileInterval = 10 * time.Minute + defaultRepoName = "hmc-templates" ) var ( @@ -230,11 +228,14 @@ func (r *TemplateReconciler) reconcileHelmChart(ctx context.Context, template *h helmChart.Spec = sourcev1.HelmChartSpec{ Chart: template.Spec.Helm.ChartName, Version: template.Spec.Helm.ChartVersion, + // WAHAB 4: Due to this, the Template object for projectsveltos will + // have to be within the hmc-system namespace. Because the helm-templates Flux source + // is within the hmc-system namespace. SourceRef: sourcev1.LocalHelmChartSourceReference{ Kind: sourcev1.HelmRepositoryKind, Name: defaultRepoName, }, - Interval: metav1.Duration{Duration: defaultReconcileInterval}, + Interval: metav1.Duration{Duration: helm.DefaultReconcileInterval}, } return nil }) diff --git a/internal/helm/release.go b/internal/helm/release.go index 2793442e6..6bd9bcdb8 100644 --- a/internal/helm/release.go +++ b/internal/helm/release.go 
@@ -29,45 +29,64 @@ import ( hmc "github.com/Mirantis/hmc/api/v1alpha1" ) -func ReconcileHelmRelease( - ctx context.Context, +const ( + DefaultReconcileInterval = 10 * time.Minute +) + +type ReconcileHelmReleaseOpts struct { + Values *apiextensionsv1.JSON + OwnerReference *metav1.OwnerReference + ChartRef *hcv2.CrossNamespaceSourceReference + ReconcileInterval *time.Duration + DependsOn []meta.NamespacedObjectReference + TargetNamespace string + CreateNamespace bool +} + +func ReconcileHelmRelease2(ctx context.Context, cl client.Client, name string, namespace string, - values *apiextensionsv1.JSON, - ownerReference *metav1.OwnerReference, - chartRef *hcv2.CrossNamespaceSourceReference, - reconcileInterval time.Duration, - dependsOn []meta.NamespacedObjectReference, + opts ReconcileHelmReleaseOpts, ) (*hcv2.HelmRelease, controllerutil.OperationResult, error) { - helmRelease := &hcv2.HelmRelease{ + hr := &hcv2.HelmRelease{ ObjectMeta: metav1.ObjectMeta{ Name: name, Namespace: namespace, }, } - operation, err := ctrl.CreateOrUpdate(ctx, cl, helmRelease, func() error { - if helmRelease.Labels == nil { - helmRelease.Labels = make(map[string]string) + operation, err := ctrl.CreateOrUpdate(ctx, cl, hr, func() error { + if hr.Labels == nil { + hr.Labels = make(map[string]string) } - helmRelease.Labels[hmc.HMCManagedLabelKey] = hmc.HMCManagedLabelValue - if ownerReference != nil { - helmRelease.OwnerReferences = []metav1.OwnerReference{*ownerReference} + hr.Labels[hmc.HMCManagedLabelKey] = hmc.HMCManagedLabelValue + if opts.OwnerReference != nil { + hr.OwnerReferences = []metav1.OwnerReference{*opts.OwnerReference} } - helmRelease.Spec = hcv2.HelmReleaseSpec{ - ChartRef: chartRef, - Interval: metav1.Duration{Duration: reconcileInterval}, - ReleaseName: name, - Values: values, - DependsOn: dependsOn, + hr.Spec = hcv2.HelmReleaseSpec{ + ChartRef: opts.ChartRef, + Interval: metav1.Duration{Duration: func() time.Duration { + if opts.ReconcileInterval != nil { + return 
*opts.ReconcileInterval + } + return DefaultReconcileInterval + }()}, + ReleaseName: name, + Values: opts.Values, + DependsOn: opts.DependsOn, + TargetNamespace: opts.TargetNamespace, + Install: &hcv2.Install{ + CreateNamespace: opts.CreateNamespace, + }, } return nil }) if err != nil { return nil, operation, err } - return helmRelease, operation, nil + + return hr, operation, nil } func DeleteHelmRelease(ctx context.Context, cl client.Client, name string, namespace string) error { diff --git a/templates/hmc-templates/files/templates/projectsveltos.yaml b/templates/hmc-templates/files/templates/projectsveltos.yaml new file mode 100644 index 000000000..b061708a3 --- /dev/null +++ b/templates/hmc-templates/files/templates/projectsveltos.yaml @@ -0,0 +1,8 @@ +apiVersion: hmc.mirantis.com/v1alpha1 +kind: Template +metadata: + name: projectsveltos +spec: + helm: + chartName: projectsveltos + chartVersion: 0.37.1 diff --git a/templates/projectsveltos/.helmignore b/templates/projectsveltos/.helmignore new file mode 100644 index 000000000..0e8a0eb36 --- /dev/null +++ b/templates/projectsveltos/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/templates/projectsveltos/Chart.yaml b/templates/projectsveltos/Chart.yaml new file mode 100644 index 000000000..d6f983e85 --- /dev/null +++ b/templates/projectsveltos/Chart.yaml 
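Review bot: In internal/helm/release.go the old `ReconcileHelmRelease` is removed in this same hunk, so the replacement does not need the `2` suffix; keeping the original name avoids a numbered API. The exported `DefaultReconcileInterval`, `ReconcileHelmReleaseOpts` and the function have no doc comments; the options struct in particular should state that a nil `ReconcileInterval` means `DefaultReconcileInterval` and that `TargetNamespace` and `CreateNamespace` are copied to the HelmRelease's `Spec.TargetNamespace` and `Spec.Install.CreateNamespace`. The immediately-invoked closure inside the `Interval` field is hard to scan; resolving the interval before `CreateOrUpdate` reads better, as sketched below.

```go
	// … unchanged: hr literal with name and namespace …
	interval := DefaultReconcileInterval
	if opts.ReconcileInterval != nil {
		interval = *opts.ReconcileInterval
	}

	operation, err := ctrl.CreateOrUpdate(ctx, cl, hr, func() error {
		// … unchanged: managed label and owner reference …
		hr.Spec = hcv2.HelmReleaseSpec{
			ChartRef: opts.ChartRef,
			Interval: metav1.Duration{Duration: interval},
			// … unchanged: ReleaseName, Values, DependsOn, TargetNamespace, Install …
```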
@@ -0,0 +1,24 @@ +apiVersion: v2 +name: projectsveltos +description: Projectsveltos helm chart for Kubernetes +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.37.1 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "0.37.0" +icon: https://github.com/projectsveltos/sveltos/raw/main/docs/assets/logo.png +annotations: + hmc.mirantis.com/type: provider diff --git a/templates/projectsveltos/crds/accessrequest-crd.yaml b/templates/projectsveltos/crds/accessrequest-crd.yaml new file mode 100644 index 000000000..d2293212d --- /dev/null +++ b/templates/projectsveltos/crds/accessrequest-crd.yaml 
@@ -0,0 +1,255 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: accessrequests.lib.projectsveltos.io +spec: + group: lib.projectsveltos.io + names: + kind: AccessRequest + listKind: AccessRequestList + plural: accessrequests + singular: accessrequest + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: AccessRequest is the Schema for the accessrequest API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AccessRequestSpec defines the desired state of AccessRequest + properties: + controlPlaneEndpoint: + description: |- + ControlPlaneEndpoint represents the endpoint used to communicate with the + management cluster controlplane endpoint. It will be used when generating the + kubeconfig. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. 
+ format: int32 + type: integer + required: + - host + - port + type: object + name: + description: |- + Name is the name of the service account created + for this AccessRequest + type: string + namespace: + description: |- + Namespace is the namespace of the service account created + for this AccessRequest + type: string + type: + description: Type represent the type of the request + enum: + - SveltosAgent + - Different + type: string + required: + - controlPlaneEndpoint + - name + - namespace + - type + type: object + status: + description: AccessRequestStatus defines the status of AccessRequest + properties: + failureMessage: + description: FailureMessage provides more information if an error + occurs. + type: string + secretRef: + description: SecretRef points to the Secret containing Kubeconfig + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: AccessRequest is the Schema for the accessrequest API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: AccessRequestSpec defines the desired state of AccessRequest + properties: + controlPlaneEndpoint: + description: |- + ControlPlaneEndpoint represents the endpoint used to communicate with the + management cluster controlplane endpoint. It will be used when generating the + kubeconfig. + properties: + host: + description: The hostname on which the API server is serving. + type: string + port: + description: The port on which the API server is serving. 
+ format: int32 + type: integer + required: + - host + - port + type: object + name: + description: |- + Name is the name of the service account created + for this AccessRequest + type: string + namespace: + description: |- + Namespace is the namespace of the service account created + for this AccessRequest + type: string + type: + description: Type represent the type of the request + enum: + - SveltosAgent + - Different + type: string + required: + - controlPlaneEndpoint + - name + - namespace + - type + type: object + status: + description: AccessRequestStatus defines the status of AccessRequest + properties: + failureMessage: + description: FailureMessage provides more information if an error + occurs. + type: string + secretRef: + description: SecretRef points to the Secret containing Kubeconfig + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/templates/projectsveltos/crds/classifier-crd.yaml b/templates/projectsveltos/crds/classifier-crd.yaml new file mode 100644 index 000000000..071a43594 --- /dev/null +++ b/templates/projectsveltos/crds/classifier-crd.yaml 
@@ -0,0 +1,655 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: classifiers.lib.projectsveltos.io +spec: + group: lib.projectsveltos.io + names: + kind: Classifier + listKind: ClassifierList + plural: classifiers + singular: classifier + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Classifier is the Schema for the classifiers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ClassifierSpec defines the desired state of Classifier + properties: + classifierLabels: + description: |- + ClassifierLabels is set of labels, key,value pair, that will be added to each + cluster matching Classifier instance + items: + properties: + key: + description: Key is the label key + type: string + value: + description: Value is the label value + type: string + required: + - key + - value + type: object + type: array + deployedResourceConstraint: + description: DeployedResourceConstraint allows to classify based on + current deployed resources + properties: + aggregatedClassification: + description: |- + AggregatedClassification is optional and can be used to specify a Lua function + that will be used to further detect whether the subset of the resources + selected using the ResourceSelector field are a match for this Classifier. + The function will receive the array of resources selected by ResourceSelectors. + If this field is not specified, a cluster is a match for Classifier instance, + if all ResourceSelectors returns at least one match. + This field allows to perform more complex evaluation on the resources, looking + at all resources together. + This can be useful for more sophisticated tasks, such as identifying resources + that are related to each other or that have similar properties. + The Lua function must return a struct with: + - "matching" field: boolean indicating whether cluster is a match; + - "message" field: (optional) message. + type: string + resourceSelectors: + description: |- + ResourceSelectors identifies what resources to select + If no AggregatedClassification is specified, a cluster is + a match for Classifier instance, if all ResourceSelectors returns at + least one match. 
+ items: + description: ResourceSelector defines what resources are a match + properties: + evaluate: + description: |- + Evaluate contains a function "evaluate" in lua language. + The function will be passed one of the object selected based on + above criteria. + Must return struct with field "matching" representing whether + object is a match and an optional "message" field. + type: string + group: + description: Group of the resource deployed in the Cluster. + type: string + kind: + description: Kind of the resource deployed in the Cluster. + minLength: 1 + type: string + labelFilters: + description: LabelFilters allows to filter resources based + on current labels. + items: + properties: + key: + description: Key is the label key + type: string + operation: + description: Operation is the comparison operation + enum: + - Equal + - Different + type: string + value: + description: Value is the label value + type: string + required: + - key + - operation + - value + type: object + type: array + name: + description: Name of the resource deployed in the Cluster. + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + version: + description: Version of the resource deployed in the Cluster. 
+ type: string + required: + - group + - kind + - version + type: object + type: array + required: + - resourceSelectors + type: object + kubernetesVersionConstraints: + description: KubernetesVersionConstraints allows to classify based + on current kubernetes version + items: + properties: + comparison: + description: Comparison indicate how to compare cluster kubernetes + version with the specified version + enum: + - Equal + - NotEqual + - GreaterThan + - LessThan + - GreaterThanOrEqualTo + - LessThanOrEqualTo + type: string + version: + description: Version is the kubernetes version + type: string + required: + - comparison + - version + type: object + type: array + required: + - classifierLabels + type: object + status: + description: ClassifierStatus defines the observed state of Classifier + properties: + clusterInfo: + description: |- + ClusterInfo reference all the cluster-api Cluster where Classifier + has been/is being deployed + items: + properties: + cluster: + description: Cluster references the Cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + failureMessage: + description: FailureMessage provides more information about + the error. + type: string + hash: + description: |- + Hash represents the hash of the Classifier currently deployed + in the Cluster + format: byte + type: string + status: + description: Status represents the state of the feature in the + workload cluster + enum: + - Provisioning + - Provisioned + - Failed + - Removing + - Removed + type: string + required: + - cluster + - hash + type: object + type: array + machingClusterStatuses: + description: |- + MatchingClusterRefs reference all the cluster-api Cluster currently matching + Classifier + items: + properties: + clusterRef: + description: ClusterRef references the matching Cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + managedLabels: + description: |- + ManagedLabels indicates the labels being managed on + the cluster by this Classifier instance + items: + type: string + type: array + unManagedLabels: + description: |- + UnManagedLabel indicates the labels this Classifier instance + would like to manage but cannot because different instance is + already managing it + items: + properties: + failureMessage: + description: |- + FailureMessage is a human consumable message explaining the + misconfiguration + type: string + key: + description: |- + Key represents a label Classifier would like to manage + but cannot because currently managed by different instance + type: string + required: + - key + type: object + type: array + required: + - clusterRef + type: object + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: Classifier is the Schema for the classifiers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ClassifierSpec defines the desired state of Classifier + properties: + classifierLabels: + description: |- + ClassifierLabels is set of labels, key,value pair, that will be added to each + cluster matching Classifier instance + items: + properties: + key: + description: Key is the label key + type: string + value: + description: Value is the label value + type: string + required: + - key + - value + type: object + type: array + deployedResourceConstraint: + description: DeployedResourceConstraint allows to classify based on + current deployed resources + properties: + aggregatedClassification: + description: |- + AggregatedClassification is optional and can be used to specify a Lua function + that will be used to further detect whether the subset of the resources + selected using the ResourceSelector field are a match for this Classifier. + The function will receive the array of resources selected by ResourceSelectors. + If this field is not specified, a cluster is a match for Classifier instance, + if all ResourceSelectors returns at least one match. + This field allows to perform more complex evaluation on the resources, looking + at all resources together. + This can be useful for more sophisticated tasks, such as identifying resources + that are related to each other or that have similar properties. + The Lua function must return a struct with: + - "matching" field: boolean indicating whether cluster is a match; + - "message" field: (optional) message. + type: string + resourceSelectors: + description: |- + ResourceSelectors identifies what resources to select + If no AggregatedClassification is specified, a cluster is + a match for Classifier instance, if all ResourceSelectors returns at + least one match. 
+ items: + description: ResourceSelector defines what resources are a match + properties: + evaluate: + description: |- + Evaluate contains a function "evaluate" in lua language. + The function will be passed one of the object selected based on + above criteria. + Must return struct with field "matching" representing whether + object is a match and an optional "message" field. + type: string + group: + description: Group of the resource deployed in the Cluster. + type: string + kind: + description: Kind of the resource deployed in the Cluster. + minLength: 1 + type: string + labelFilters: + description: LabelFilters allows to filter resources based + on current labels. + items: + properties: + key: + description: Key is the label key + type: string + operation: + description: Operation is the comparison operation + enum: + - Equal + - Different + type: string + value: + description: Value is the label value + type: string + required: + - key + - operation + - value + type: object + type: array + name: + description: Name of the resource deployed in the Cluster. + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + version: + description: Version of the resource deployed in the Cluster. 
+ type: string + required: + - group + - kind + - version + type: object + type: array + required: + - resourceSelectors + type: object + kubernetesVersionConstraints: + description: KubernetesVersionConstraints allows to classify based + on current kubernetes version + items: + properties: + comparison: + description: Comparison indicate how to compare cluster kubernetes + version with the specified version + enum: + - Equal + - NotEqual + - GreaterThan + - LessThan + - GreaterThanOrEqualTo + - LessThanOrEqualTo + type: string + version: + description: Version is the kubernetes version + type: string + required: + - comparison + - version + type: object + type: array + required: + - classifierLabels + type: object + status: + description: ClassifierStatus defines the observed state of Classifier + properties: + clusterInfo: + description: |- + ClusterInfo reference all the cluster-api Cluster where Classifier + has been/is being deployed + items: + properties: + cluster: + description: Cluster references the Cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + failureMessage: + description: FailureMessage provides more information about + the error. + type: string + hash: + description: |- + Hash represents the hash of the Classifier currently deployed + in the Cluster + format: byte + type: string + status: + description: Status represents the state of the feature in the + workload cluster + enum: + - Provisioning + - Provisioned + - Failed + - Removing + - Removed + type: string + required: + - cluster + - hash + type: object + type: array + machingClusterStatuses: + description: |- + MatchingClusterRefs reference all the cluster-api Cluster currently matching + Classifier + items: + properties: + clusterRef: + description: ClusterRef references the matching Cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + managedLabels: + description: |- + ManagedLabels indicates the labels being managed on + the cluster by this Classifier instance + items: + type: string + type: array + unManagedLabels: + description: |- + UnManagedLabel indicates the labels this Classifier instance + would like to manage but cannot because different instance is + already managing it + items: + properties: + failureMessage: + description: |- + FailureMessage is a human consumable message explaining the + misconfiguration + type: string + key: + description: |- + Key represents a label Classifier would like to manage + but cannot because currently managed by different instance + type: string + required: + - key + type: object + type: array + required: + - clusterRef + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/templates/projectsveltos/crds/classifierreport-crd.yaml b/templates/projectsveltos/crds/classifierreport-crd.yaml new file mode 100644 index 000000000..e446d86d5 --- /dev/null +++ b/templates/projectsveltos/crds/classifierreport-crd.yaml 
@@ -0,0 +1,155 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: classifierreports.lib.projectsveltos.io +spec: + group: lib.projectsveltos.io + names: + kind: ClassifierReport + listKind: ClassifierReportList + plural: classifierreports + singular: classifierreport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClassifierReport is the Schema for the classifierreports API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + classifierName: + description: |- + ClassifierName is the name of the Classifier instance this report + is for. + type: string + clusterName: + description: |- + ClusterName is the name of the Cluster this ClusterReport + is for. + type: string + clusterNamespace: + description: |- + ClusterNamespace is the namespace of the Cluster this + ClusterReport is for. 
+ type: string + clusterType: + description: ClusterType is the type of Cluster + type: string + match: + description: |- + Match indicates whether Cluster is currently a match for + the Classifier instance this report is for + type: boolean + required: + - classifierName + - clusterName + - clusterNamespace + - clusterType + - match + type: object + status: + description: ClassifierReportStatus defines the observed state of ClassifierReport + properties: + phase: + description: Phase represents the current phase of report. + enum: + - WaitingForDelivery + - Delivering + - Processed + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: ClassifierReport is the Schema for the classifierreports API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + classifierName: + description: |- + ClassifierName is the name of the Classifier instance this report + is for. + type: string + clusterName: + description: |- + ClusterName is the name of the Cluster this ClusterReport + is for. + type: string + clusterNamespace: + description: |- + ClusterNamespace is the namespace of the Cluster this + ClusterReport is for. 
+ type: string + clusterType: + description: ClusterType is the type of Cluster + type: string + match: + description: |- + Match indicates whether Cluster is currently a match for + the Classifier instance this report is for + type: boolean + required: + - classifierName + - clusterName + - clusterNamespace + - clusterType + - match + type: object + status: + description: ClassifierReportStatus defines the observed state of ClassifierReport + properties: + phase: + description: Phase represents the current phase of report. + enum: + - WaitingForDelivery + - Delivering + - Processed + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/templates/projectsveltos/crds/clusterconfiguration-crd.yaml b/templates/projectsveltos/crds/clusterconfiguration-crd.yaml new file mode 100644 index 000000000..c02ee02d5 --- /dev/null +++ b/templates/projectsveltos/crds/clusterconfiguration-crd.yaml 
@@ -0,0 +1,765 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.2 + name: clusterconfigurations.config.projectsveltos.io +spec: + group: config.projectsveltos.io + names: + kind: ClusterConfiguration + listKind: ClusterConfigurationList + plural: clusterconfigurations + singular: clusterconfiguration + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterConfiguration is the Schema for the clusterconfigurations + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + status: + description: ClusterConfigurationStatus defines the observed state of + ClusterConfiguration + properties: + clusterProfileResources: + description: |- + ClusterProfileResources is the list of resources currently deployed in a Cluster due + to ClusterProfiles + items: + description: |- + ClusterProfileResource keeps info on all of the resources deployed in this Cluster + due to a given ClusterProfile + properties: + Features: + description: |- + Features contains the list of policies deployed in the Cluster because + of a given feature + items: + properties: + charts: + description: Charts is a list of helm charts deployed + in the Cluster. 
+ items: + properties: + appVersion: + description: AppVersion is the version of the app + deployed in the Cluster. + type: string + chartVersion: + description: ChartVersion is the version of the + helm chart deployed in the Cluster. + type: string + icon: + description: The URL to an icon file. + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this + resource was last applied to the cluster. + format: date-time + type: string + namespace: + description: Namespace where chart is deployed in + the Cluster. + type: string + releaseName: + description: ReleaseName name of the release deployed + in the Cluster. + minLength: 1 + type: string + repoURL: + description: |- + RepoURL URL of the repo containing the helm chart deployed + in the Cluster. + minLength: 1 + type: string + required: + - chartVersion + - lastAppliedTime + - releaseName + - repoURL + type: object + type: array + featureID: + description: FeatureID is an indentifier of the feature + whose status is reported + enum: + - Resources + - Helm + - Kustomize + type: string + resources: + description: Resources is a list of resources deployed + in the Cluster. + items: + properties: + group: + description: Group of the resource deployed in the + Cluster. + type: string + ignoreForConfigurationDrift: + default: false + description: |- + IgnoreForConfigurationDrift indicates to not track resource + for configuration drift detection. + This field has a meaning only when mode is ContinuousWithDriftDetection + type: boolean + kind: + description: Kind of the resource deployed in the + Cluster. + minLength: 1 + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this + resource was last applied to the cluster. + format: date-time + type: string + name: + description: Name of the resource deployed in the + Cluster. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. 
+ Empty for resources scoped at cluster level. + type: string + owner: + description: Owner is the list of ConfigMap/Secret + containing this resource. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + version: + description: Version of the resource deployed in + the Cluster. 
+ minLength: 1 + type: string + required: + - group + - kind + - name + - owner + - version + type: object + type: array + required: + - featureID + type: object + type: array + clusterProfileName: + description: ProfileName is the name of the ClusterProfile matching + the Cluster. + type: string + required: + - clusterProfileName + type: object + type: array + profileResources: + description: |- + ProfileResources is the list of resources currently deployed in a Cluster due + to Profiles + items: + description: |- + ProfileResource keeps info on all of the resources deployed in this Cluster + due to a given Profile + properties: + Features: + description: |- + Features contains the list of policies deployed in the Cluster because + of a given feature + items: + properties: + charts: + description: Charts is a list of helm charts deployed + in the Cluster. + items: + properties: + appVersion: + description: AppVersion is the version of the app + deployed in the Cluster. + type: string + chartVersion: + description: ChartVersion is the version of the + helm chart deployed in the Cluster. + type: string + icon: + description: The URL to an icon file. + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this + resource was last applied to the cluster. + format: date-time + type: string + namespace: + description: Namespace where chart is deployed in + the Cluster. + type: string + releaseName: + description: ReleaseName name of the release deployed + in the Cluster. + minLength: 1 + type: string + repoURL: + description: |- + RepoURL URL of the repo containing the helm chart deployed + in the Cluster. 
+ minLength: 1 + type: string + required: + - chartVersion + - lastAppliedTime + - releaseName + - repoURL + type: object + type: array + featureID: + description: FeatureID is an indentifier of the feature + whose status is reported + enum: + - Resources + - Helm + - Kustomize + type: string + resources: + description: Resources is a list of resources deployed + in the Cluster. + items: + properties: + group: + description: Group of the resource deployed in the + Cluster. + type: string + ignoreForConfigurationDrift: + default: false + description: |- + IgnoreForConfigurationDrift indicates to not track resource + for configuration drift detection. + This field has a meaning only when mode is ContinuousWithDriftDetection + type: boolean + kind: + description: Kind of the resource deployed in the + Cluster. + minLength: 1 + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this + resource was last applied to the cluster. + format: date-time + type: string + name: + description: Name of the resource deployed in the + Cluster. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + owner: + description: Owner is the list of ConfigMap/Secret + containing this resource. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). 
This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + version: + description: Version of the resource deployed in + the Cluster. + minLength: 1 + type: string + required: + - group + - kind + - name + - owner + - version + type: object + type: array + required: + - featureID + type: object + type: array + profileName: + description: ProfileName is the name of the Profile matching + the Cluster. + type: string + required: + - profileName + type: object + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterConfiguration is the Schema for the clusterconfigurations + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + status: + description: ClusterConfigurationStatus defines the observed state of + ClusterConfiguration + properties: + clusterProfileResources: + description: |- + ClusterProfileResources is the list of resources currently deployed in a Cluster due + to ClusterProfiles + items: + description: |- + ClusterProfileResource keeps info on all of the resources deployed in this Cluster + due to a given ClusterProfile + properties: + Features: + description: |- + Features contains the list of policies deployed in the Cluster because + of a given feature + items: + properties: + charts: + description: Charts is a list of helm charts deployed + in the Cluster. + items: + properties: + appVersion: + description: AppVersion is the version of the app + deployed in the Cluster. + type: string + chartVersion: + description: ChartVersion is the version of the + helm chart deployed in the Cluster. + type: string + icon: + description: The URL to an icon file. + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this + resource was last applied to the cluster. + format: date-time + type: string + namespace: + description: Namespace where chart is deployed in + the Cluster. + type: string + releaseName: + description: ReleaseName name of the release deployed + in the Cluster. + minLength: 1 + type: string + repoURL: + description: |- + RepoURL URL of the repo containing the helm chart deployed + in the Cluster. 
+ minLength: 1 + type: string + required: + - chartVersion + - lastAppliedTime + - releaseName + - repoURL + type: object + type: array + featureID: + description: FeatureID is an indentifier of the feature + whose status is reported + enum: + - Resources + - Helm + - Kustomize + type: string + resources: + description: Resources is a list of resources deployed + in the Cluster. + items: + properties: + group: + description: Group of the resource deployed in the + Cluster. + type: string + ignoreForConfigurationDrift: + default: false + description: |- + IgnoreForConfigurationDrift indicates to not track resource + for configuration drift detection. + This field has a meaning only when mode is ContinuousWithDriftDetection + type: boolean + kind: + description: Kind of the resource deployed in the + Cluster. + minLength: 1 + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this + resource was last applied to the cluster. + format: date-time + type: string + name: + description: Name of the resource deployed in the + Cluster. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + owner: + description: Owner is the list of ConfigMap/Secret + containing this resource. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). 
This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + version: + description: Version of the resource deployed in + the Cluster. + minLength: 1 + type: string + required: + - group + - kind + - name + - owner + - version + type: object + type: array + required: + - featureID + type: object + type: array + clusterProfileName: + description: ProfileName is the name of the ClusterProfile matching + the Cluster. 
+ type: string + required: + - clusterProfileName + type: object + type: array + profileResources: + description: |- + ProfileResources is the list of resources currently deployed in a Cluster due + to Profiles + items: + description: |- + ProfileResource keeps info on all of the resources deployed in this Cluster + due to a given Profile + properties: + Features: + description: |- + Features contains the list of policies deployed in the Cluster because + of a given feature + items: + properties: + charts: + description: Charts is a list of helm charts deployed + in the Cluster. + items: + properties: + appVersion: + description: AppVersion is the version of the app + deployed in the Cluster. + type: string + chartVersion: + description: ChartVersion is the version of the + helm chart deployed in the Cluster. + type: string + icon: + description: The URL to an icon file. + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this + resource was last applied to the cluster. + format: date-time + type: string + namespace: + description: Namespace where chart is deployed in + the Cluster. + type: string + releaseName: + description: ReleaseName name of the release deployed + in the Cluster. + minLength: 1 + type: string + repoURL: + description: |- + RepoURL URL of the repo containing the helm chart deployed + in the Cluster. + minLength: 1 + type: string + required: + - chartVersion + - lastAppliedTime + - releaseName + - repoURL + type: object + type: array + featureID: + description: FeatureID is an indentifier of the feature + whose status is reported + enum: + - Resources + - Helm + - Kustomize + type: string + resources: + description: Resources is a list of resources deployed + in the Cluster. + items: + properties: + group: + description: Group of the resource deployed in the + Cluster. 
+ type: string + ignoreForConfigurationDrift: + default: false + description: |- + IgnoreForConfigurationDrift indicates to not track resource + for configuration drift detection. + This field has a meaning only when mode is ContinuousWithDriftDetection + type: boolean + kind: + description: Kind of the resource deployed in the + Cluster. + minLength: 1 + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this + resource was last applied to the cluster. + format: date-time + type: string + name: + description: Name of the resource deployed in the + Cluster. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + owner: + description: Owner is the list of ConfigMap/Secret + containing this resource. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + version: + description: Version of the resource deployed in + the Cluster. + minLength: 1 + type: string + required: + - group + - kind + - name + - owner + - version + type: object + type: array + required: + - featureID + type: object + type: array + profileName: + description: ProfileName is the name of the Profile matching + the Cluster. + type: string + required: + - profileName + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/templates/projectsveltos/crds/clusterhealthcheck-crd.yaml b/templates/projectsveltos/crds/clusterhealthcheck-crd.yaml new file mode 100644 index 000000000..c007b751f --- /dev/null +++ b/templates/projectsveltos/crds/clusterhealthcheck-crd.yaml 
@@ -0,0 +1,823 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: projectsveltos/projectsveltos-serving-cert + controller-gen.kubebuilder.io/version: v0.16.1 + name: clusterhealthchecks.lib.projectsveltos.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: webhook-service + namespace: projectsveltos + path: /convert + conversionReviewVersions: + - v1 + group: lib.projectsveltos.io + names: + kind: ClusterHealthCheck + listKind: ClusterHealthCheckList + plural: clusterhealthchecks + singular: clusterhealthcheck + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterHealthCheck is the Schema for the clusterhealthchecks + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ClusterHealthCheckSpec defines the desired state of ClusterHealthCheck + properties: + clusterSelector: + description: ClusterSelector identifies clusters to associate to (Deprecated + use selector instead). + type: string + livenessChecks: + description: |- + LivenessChecks is a list of source of liveness checks to evaluate. 
+ Anytime one of those changes, notifications will be sent + items: + properties: + livenessSourceRef: + description: |- + LivenessSourceRef is a reference to a liveness-specific resource that holds + the details for the liveness check. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Name of the liveness check. 
+ Must be a DNS_LABEL and unique within the ClusterHealthCheck. + type: string + type: + description: Type specifies the type of liveness + enum: + - Addons + - HealthCheck + type: string + required: + - name + - type + type: object + type: array + notifications: + description: Notification is a list of source of events to evaluate. + items: + properties: + name: + description: |- + Name of the notification check. + Must be a DNS_LABEL and unique within the ClusterHealthCheck. + type: string + notificationRef: + description: |- + NotificationRef is a reference to a notification-specific resource that holds + the details for the notification. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: + description: NotificationType specifies the type of notification + enum: + - KubernetesEvent + - Slack + - Webex + - Discord + - Teams + type: string + required: + - name + - type + type: object + type: array + required: + - clusterSelector + - livenessChecks + - notifications + type: object + status: + properties: + clusterCondition: + description: |- + ClusterConditions contains conditions and notification status for all clusters + matching ClusterHealthCheck instance + items: + properties: + clusterInfo: + properties: + cluster: + description: Cluster references the Cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + failureMessage: + description: FailureMessage provides more information about + the error. + type: string + hash: + description: |- + Hash represents the hash of the Classifier currently deployed + in the Cluster + format: byte + type: string + status: + description: Status represents the state of the feature + in the workload cluster + enum: + - Provisioning + - Provisioned + - Failed + - Removing + - Removed + type: string + required: + - cluster + - hash + type: object + conditions: + description: Cluster conditions. + items: + description: Condition defines an observation of a Cluster + API resource operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. + type: string + name: + description: Condition name + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. 
+ The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + type: string + required: + - lastTransitionTime + - name + - status + - type + type: object + type: array + notificationSummaries: + description: NotificationSummaries contains status information + on notifications + items: + properties: + failureMessage: + description: |- + FailureMessage is a human consumable message explaining the + misconfiguration + type: string + name: + description: Name of the notification check. + type: string + status: + description: NotificationStatus specifies the notification + status + enum: + - Delivered + - FailedToDeliver + type: string + required: + - name + - status + type: object + type: array + required: + - clusterInfo + type: object + type: array + matchingClusters: + description: |- + MatchingClusterRefs reference all the clusters currently matching + ClusterHealthCheck ClusterSelector + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterHealthCheck is the Schema for the clusterhealthchecks + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ClusterHealthCheckSpec defines the desired state of ClusterHealthCheck + properties: + clusterSelector: + description: Selector identifies clusters to associate to. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". 
The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + livenessChecks: + description: |- + LivenessChecks is a list of source of liveness checks to evaluate. + Anytime one of those changes, notifications will be sent + items: + properties: + livenessSourceRef: + description: |- + LivenessSourceRef is a reference to a liveness-specific resource that holds + the details for the liveness check. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + name: + description: |- + Name of the liveness check. + Must be a DNS_LABEL and unique within the ClusterHealthCheck. + type: string + type: + description: Type specifies the type of liveness + enum: + - Addons + - HealthCheck + type: string + required: + - name + - type + type: object + type: array + notifications: + description: Notification is a list of source of events to evaluate. + items: + properties: + name: + description: |- + Name of the notification check. + Must be a DNS_LABEL and unique within the ClusterHealthCheck. + type: string + notificationRef: + description: |- + NotificationRef is a reference to a notification-specific resource that holds + the details for the notification. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: + description: NotificationType specifies the type of notification + enum: + - KubernetesEvent + - Slack + - Webex + - Discord + - Teams + type: string + required: + - name + - type + type: object + type: array + required: + - livenessChecks + - notifications + type: object + status: + properties: + clusterCondition: + description: |- + ClusterConditions contains conditions and notification status for all clusters + matching ClusterHealthCheck instance + items: + properties: + clusterInfo: + properties: + cluster: + description: Cluster references the Cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + failureMessage: + description: FailureMessage provides more information about + the error. + type: string + hash: + description: |- + Hash represents the hash of the Classifier currently deployed + in the Cluster + format: byte + type: string + status: + description: Status represents the state of the feature + in the workload cluster + enum: + - Provisioning + - Provisioned + - Failed + - Removing + - Removed + type: string + required: + - cluster + - hash + type: object + conditions: + description: Cluster conditions. + items: + description: Condition defines an observation of a Cluster + API resource operational state. + properties: + lastTransitionTime: + description: |- + Last time the condition transitioned from one status to another. + This should be when the underlying condition changed. If that is not known, then using the time when + the API field changed is acceptable. + format: date-time + type: string + message: + description: |- + A human readable message indicating details about the transition. + This field may be empty. 
+ type: string + name: + description: Condition name + type: string + reason: + description: |- + The reason for the condition's last transition in CamelCase. + The specific API may choose whether or not this field is considered a guaranteed API. + This field may not be empty. + type: string + severity: + description: |- + Severity provides an explicit classification of Reason code, so the users or machines can immediately + understand the current situation and act accordingly. + The Severity field MUST be set only when Status=False. + type: string + status: + description: Status of the condition, one of True, False, + Unknown. + type: string + type: + description: Type of condition in CamelCase or in foo.example.com/CamelCase. + type: string + required: + - lastTransitionTime + - name + - status + - type + type: object + type: array + notificationSummaries: + description: NotificationSummaries contains status information + on notifications + items: + properties: + failureMessage: + description: |- + FailureMessage is a human consumable message explaining the + misconfiguration + type: string + name: + description: Name of the notification check. + type: string + status: + description: NotificationStatus specifies the notification + status + enum: + - Delivered + - FailedToDeliver + type: string + required: + - name + - status + type: object + type: array + required: + - clusterInfo + type: object + type: array + matchingClusters: + description: |- + MatchingClusterRefs reference all the clusters currently matching + ClusterHealthCheck ClusterSelector + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/templates/projectsveltos/crds/clusterprofile-crd.yaml b/templates/projectsveltos/crds/clusterprofile-crd.yaml new file mode 100644 index 000000000..6df80e2bf --- /dev/null +++ b/templates/projectsveltos/crds/clusterprofile-crd.yaml 
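Review bot: The `conversion.webhook.clientConfig` stanza at the top of this new CRD hard-codes `namespace: projectsveltos` for `webhook-service`, and the `cert-manager.io/inject-ca-from` annotation hard-codes `projectsveltos/projectsveltos-serving-cert`, while the same commit makes `targetNamespace` a per-provider config value in `DefaultProviders`. If this file is installed from a Helm chart `crds/` directory, as the path suggests, it is applied without templating, so overriding `targetNamespace` would leave the API server sending conversion requests for the still-served `v1alpha1` version to a service in a namespace the release does not own, and cert-manager would find no certificate there to inject as the CA bundle. Either record the constraint next to the stanza, e.g. `# conversion webhook and CA injection assume namespace projectsveltos; keep in sync with targetNamespace`, or ship the CRDs as templated manifests so the namespace follows the release. The same stanza is repeated in the clusterprofile CRD that follows.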
@@ -0,0 +1,2060 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: projectsveltos/projectsveltos-serving-cert + controller-gen.kubebuilder.io/version: v0.16.2 + name: clusterprofiles.config.projectsveltos.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: webhook-service + namespace: projectsveltos + path: /convert + conversionReviewVersions: + - v1 + group: config.projectsveltos.io + names: + kind: ClusterProfile + listKind: ClusterProfileList + plural: clusterprofiles + singular: clusterprofile + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterProfile is the Schema for the clusterprofiles API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + clusterRefs: + description: ClusterRefs identifies clusters to associate to. + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + clusterSelector: + description: ClusterSelector identifies clusters to associate to. + type: string + continueOnConflict: + default: false + description: |- + By default (when ContinueOnConflict is unset or set to false), Sveltos stops deployment after + encountering the first conflict (e.g., another ClusterProfile already deployed the resource). 
+ If set to true, Sveltos will attempt to deploy remaining resources in the ClusterProfile even + if conflicts are detected for previous resources. + type: boolean + dependsOn: + description: |- + DependsOn specifies a list of other ClusterProfiles that this instance depends on. + In any managed cluster that matches this ClusterProfile, the add-ons and applications + defined in this instance will not be deployed until all add-ons and applications in the + ClusterProfiles listed as dependencies are deployed. + items: + type: string + type: array + extraAnnotations: + additionalProperties: + type: string + description: |- + ExtraAnnotations: These annotations will be added by Sveltos to all Kubernetes resources + deployed in a managed cluster based on this ClusterProfile/Profile instance. + **Important:** If a resource deployed by Sveltos already has a annotation with a key present in + `ExtraAnnotations`, the value from `ExtraAnnotations` will override the existing value. + type: object + extraLabels: + additionalProperties: + type: string + description: |- + ExtraLabels: These labels will be added by Sveltos to all Kubernetes resources deployed in + a managed cluster based on this ClusterProfile/Profile instance. + **Important:** If a resource deployed by Sveltos already has a label with a key present in + `ExtraLabels`, the value from `ExtraLabels` will override the existing value. + type: object + helmCharts: + description: Helm charts is a list of helm charts that need to be + deployed + items: + properties: + chartName: + description: ChartName is the chart name + minLength: 1 + type: string + chartVersion: + description: ChartVersion is the chart version + minLength: 1 + type: string + helmChartAction: + default: Install + description: HelmChartAction is the action that will be taken + on the helm chart + enum: + - Install + - Uninstall + type: string + options: + description: Options allows to set flags which are used during + installation. 
+ properties: + atomic: + default: false + description: |- + if set, the installation process deletes the installation/upgrades on failure. + The --wait flag will be set automatically if --atomic is used + Default to false + type: boolean + dependencyUpdate: + default: false + description: |- + update dependencies if they are missing before installing the chart + Default to false + type: boolean + description: + description: Description is the description of an helm operation + type: string + disableHooks: + default: false + description: |- + prevent hooks from running during install/upgrade/uninstall + Default to false + type: boolean + disableOpenAPIValidation: + default: false + description: |- + if set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema + Default to false + type: boolean + enableClientCache: + default: false + description: EnableClientCache is a flag to enable Helm + client cache. If it is not specified, it will be set to + false. + type: boolean + installOptions: + description: HelmInstallOptions are options specific to + helm install + properties: + createNamespace: + default: true + description: Create the release namespace if not present. + Defaults to true + type: boolean + replace: + default: true + description: Replaces if set indicates to replace an + older release with this one + type: boolean + type: object + labels: + additionalProperties: + type: string + description: Labels that would be added to release metadata. + type: object + skipCRDs: + default: false + description: |- + SkipCRDs controls whether CRDs should be installed during install/upgrade operation. + By default, CRDs are installed if not already present. 
+ type: boolean + timeout: + description: time to wait for any individual Kubernetes + operation (like Jobs for hooks) (default 5m0s) + type: string + uninstallOptions: + description: HelmUninstallOptions are options specific to + helm uninstall + properties: + deletionPropagation: + description: DeletionPropagation + enum: + - orphan + - foreground + - background + type: string + keepHistory: + description: |- + When uninstall a chart with this flag, Helm removes the resources associated with the chart, + but it keeps the release information. This allows to see details about the uninstalled release + using the helm history command. + type: boolean + type: object + upgradeOptions: + description: HelmUpgradeOptions are options specific to + helm upgrade + properties: + cleanupOnFail: + default: false + description: CleanupOnFail will, if true, cause the + upgrade to delete newly-created resources on a failed + update. + type: boolean + force: + default: false + description: |- + Force will, if set to `true`, ignore certain warnings and perform the upgrade anyway. + This should be used with caution. + type: boolean + maxHistory: + default: 2 + description: |- + MaxHistory limits the maximum number of revisions saved per release + Default to 2 + type: integer + recreate: + default: false + description: Recreate will (if true) recreate pods after + a rollback. + type: boolean + resetThenReuseValues: + default: false + description: ResetThenReuseValues will reset the values + to the chart's built-ins then merge with user's last + supplied values. + type: boolean + resetValues: + default: false + description: ResetValues will reset the values to the + chart's built-ins rather than merging with existing. + type: boolean + reuseValues: + default: false + description: |- + ReuseValues copies values from the current release to a new release if the + new release does not have any values. 
If the request already has values, + or if there are no values in the current release, this does nothing. + This is skipped if the ResetValues flag is set, in which case the + request values are not altered. + type: boolean + subNotes: + default: false + description: SubNotes determines whether sub-notes are + rendered in the chart. + type: boolean + type: object + wait: + default: false + description: |- + if set, will wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet + are in a ready state before marking the release as successful. It will wait for as long as --timeout + Default to false + type: boolean + waitForJobs: + default: false + description: |- + if set and --wait enabled, will wait until all Jobs have been completed before marking the release as successful. + It will wait for as long as --timeout + Default to false + type: boolean + type: object + releaseName: + description: ReleaseName is the chart release + minLength: 1 + type: string + releaseNamespace: + description: ReleaseNamespace is the namespace release will + be installed + minLength: 1 + type: string + repositoryName: + description: RepositoryName is the name helm chart repository + minLength: 1 + type: string + repositoryURL: + description: RepositoryURL is the URL helm chart repository + minLength: 1 + type: string + values: + description: |- + Values field allows to define configuration for the Helm release. + These values can be static or leverage Go templates for dynamic customization. + When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment. + type: string + valuesFrom: + description: |- + ValuesFrom can reference ConfigMap/Secret instances. Within the ConfigMap or Secret data, + it is possible to store configuration for the Helm release. + These values can be static or leverage Go templates for dynamic customization. 
+ When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment. + items: + properties: + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + enum: + - ConfigMap + - Secret + type: string + name: + description: Name of the referenced resource. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. + type: string + required: + - kind + - name + - namespace + type: object + type: array + required: + - chartName + - chartVersion + - releaseName + - releaseNamespace + - repositoryName + - repositoryURL + type: object + type: array + kustomizationRefs: + description: |- + Kustomization refs is a list of kustomization paths. Kustomization will + be run on those paths and the outcome will be deployed. + items: + properties: + deploymentType: + default: Remote + description: |- + DeploymentType indicates whether resources need to be deployed + into the management cluster (local) or the managed cluster (remote) + enum: + - Local + - Remote + type: string + kind: + description: |- + Kind of the resource. Supported kinds are: + - flux GitRepository;OCIRepository;Bucket + - ConfigMap/Secret + enum: + - GitRepository + - OCIRepository + - Bucket + - ConfigMap + - Secret + type: string + name: + description: Name of the referenced resource. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. 
+ type: string + path: + description: |- + Path to the directory containing the kustomization.yaml file, or the + set of plain YAMLs a kustomization.yaml should be generated for. + Defaults to 'None', which translates to the root path of the SourceRef. + type: string + targetNamespace: + description: |- + TargetNamespace sets or overrides the namespace in the + kustomization.yaml file. + maxLength: 63 + minLength: 1 + type: string + values: + additionalProperties: + type: string + description: |- + Values is a map[string]string type that allows to define a set of key-value pairs. + These key-value pairs can optionally leverage Go templates for further processing. + With Sveltos, you can define key-value pairs where the values can be Go templates. + These templates have access to management cluster information during deployment. This allows + to do more than just replace placeholders. Variables can be used to dynamically + construct values based on other resources or variables within the Kustomize output. + For example, imagine you have a Region key with a template value like: + '{{ index .Cluster.metadata.labels "region" }}'. + This template retrieves the region label from the cluster instance metadata. + Finally, Sveltos uses these processed values to fill placeholders in the Kustomize output. + The output itself can also contain templates, like: + region: '{{ default "west" .Region }}'. + This way, the final output from Kustomize will have the region set dynamically based on + the actual region retrieved earlier. + type: object + valuesFrom: + description: |- + ValuesFrom can reference ConfigMap/Secret instances. Within the ConfigMap or Secret data, + it is possible to define key-value pairs. These key-value pairs can optionally leverage + Go templates for further processing. + With Sveltos, you can define key-value pairs where the values can be Go templates. + These templates have access to management cluster information during deployment. 
This allows + to do more than just replace placeholders. Variables can be used to dynamically + construct values based on other resources or variables within the Kustomize output. + For example, imagine you have a Region key with a template value like: + '{{ index .Cluster.metadata.labels "region" }}'. + This template retrieves the region label from the cluster instance metadata. + Finally, Sveltos uses these processed values to fill placeholders in the Kustomize output. + The output itself can also contain templates, like: + region: '{{ default "west" .Region }}'. + This way, the final output from Kustomize will have the region set dynamically based on + the actual region retrieved earlier. + items: + properties: + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + enum: + - ConfigMap + - Secret + type: string + name: + description: Name of the referenced resource. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. + type: string + required: + - kind + - name + - namespace + type: object + type: array + required: + - kind + - name + - namespace + type: object + type: array + maxUpdate: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of clusters that can be updated concurrently. + Value can be an absolute number (ex: 5) or a percentage of desired cluster (ex: 10%). + Defaults to 100%. + Example: when this is set to 30%, when list of add-ons/applications in ClusterProfile + changes, only 30% of matching clusters will be updated in parallel. Only when updates + in those cluster succeed, other matching clusters are updated. 
+ pattern: ^((100|[0-9]{1,2})%|[0-9]+)$ + x-kubernetes-int-or-string: true + policyRefs: + description: |- + PolicyRefs references all the ConfigMaps/Secrets containing kubernetes resources + that need to be deployed in the matching CAPI clusters. + items: + properties: + deploymentType: + default: Remote + description: |- + DeploymentType indicates whether resources need to be deployed + into the management cluster (local) or the managed cluster (remote) + enum: + - Local + - Remote + type: string + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + - flux GitRepository;OCIRepository;Bucket + enum: + - GitRepository + - OCIRepository + - Bucket + - ConfigMap + - Secret + type: string + name: + description: Name of the referenced resource. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. Profile namespace will be used. + type: string + path: + description: |- + Path to the directory containing the YAML files. + Defaults to 'None', which translates to the root path of the SourceRef. + Used only for GitRepository;OCIRepository;Bucket + type: string + required: + - kind + - name + type: object + type: array + reloader: + default: false + description: |- + Reloader indicates whether Deployment/StatefulSet/DaemonSet instances deployed + by Sveltos and part of this ClusterProfile need to be restarted via rolling upgrade + when a ConfigMap/Secret instance mounted as volume is modified. + When set to true, when any mounted ConfigMap/Secret is modified, Sveltos automatically + starts a rolling upgrade for Deployment/StatefulSet/DaemonSet instances mounting it. + type: boolean + setRefs: + description: |- + SetRefs identifies referenced (cluster)Sets. 
+ - ClusterProfile can reference ClusterSet; + - Profile can reference Set; + items: + type: string + type: array + stopMatchingBehavior: + default: WithdrawPolicies + description: |- + StopMatchingBehavior indicates what behavior should be when a Cluster stop matching + the ClusterProfile. By default all deployed Helm charts and Kubernetes resources will + be withdrawn from Cluster. Setting StopMatchingBehavior to LeavePolicies will instead + leave ClusterProfile deployed policies in the Cluster. + type: string + syncMode: + default: Continuous + description: |- + SyncMode specifies how features are synced in a matching workload cluster. + - OneTime means, first time a workload cluster matches the ClusterProfile, + features will be deployed in such cluster. Any subsequent feature configuration + change won't be applied into the matching workload clusters; + - Continuous means first time a workload cluster matches the ClusterProfile, + features will be deployed in such a cluster. Any subsequent feature configuration + change will be applied into the matching workload clusters. + - DryRun means no change will be propagated to any matching cluster. A report + instead will be generated summarizing what would happen in any matching cluster + because of the changes made to ClusterProfile while in DryRun mode. + enum: + - OneTime + - Continuous + - ContinuousWithDriftDetection + - DryRun + type: string + templateResourceRefs: + description: |- + TemplateResourceRefs is a list of resource to collect from the management cluster. + Those resources' values will be used to instantiate templates contained in referenced + PolicyRefs and Helm charts + items: + properties: + identifier: + description: |- + Identifier is how the resource will be referred to in the + template + type: string + resource: + description: |- + Resource references a Kubernetes instance in the management + cluster to fetch and use during template instantiation. 
+ properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - identifier + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - identifier + x-kubernetes-list-type: map + tier: + default: 100 + description: |- + Tier controls the order of deployment for ClusterProfile or Profile resources targeting + the same cluster resources. 
+ Imagine two configurations (ClusterProfiles or Profiles) trying to deploy the same resource (a Kubernetes + resource or an helm chart). By default, the first one to reach the cluster "wins" and deploys it. + Tier allows you to override this. When conflicts arise, the ClusterProfile or Profile with the **lowest** + Tier value takes priority and deploys the resource. + Higher Tier values represent lower priority. The default Tier value is 100. + Using Tiers provides finer control over resource deployment within your cluster, particularly useful + when multiple configurations manage the same resources. + format: int32 + minimum: 1 + type: integer + validateHealths: + description: |- + ValidateHealths is a slice of Lua functions to run against + the managed cluster to validate the state of those add-ons/applications + is healthy + items: + properties: + featureID: + description: |- + FeatureID is an indentifier of the feature (Helm/Kustomize/Resources) + This field indicates when to run this check. + For instance: + - if set to Helm this check will be run after all helm + charts specified in the ClusterProfile are deployed. + - if set to Resources this check will be run after the content + of all the ConfigMaps/Secrets referenced by ClusterProfile in the + PolicyRef sections is deployed + enum: + - Resources + - Helm + - Kustomize + type: string + group: + description: Group of the resource to fetch in the managed Cluster. + type: string + kind: + description: Kind of the resource to fetch in the managed Cluster. + minLength: 1 + type: string + labelFilters: + description: LabelFilters allows to filter resources based on + current labels. 
+ items: + properties: + key: + description: Key is the label key + type: string + operation: + description: Operation is the comparison operation + enum: + - Equal + - Different + type: string + value: + description: Value is the label value + type: string + required: + - key + - operation + - value + type: object + type: array + name: + description: Name is the name of this check + type: string + namespace: + description: |- + Namespace of the resource to fetch in the managed Cluster. + Empty for resources scoped at cluster level. + type: string + script: + description: |- + Script is a text containing a lua script. + Must return struct with field "health" + representing whether object is a match (true or false) + type: string + version: + description: Version of the resource to fetch in the managed + Cluster. + type: string + required: + - featureID + - group + - kind + - name + - version + type: object + type: array + type: object + status: + description: Status defines the observed state of ClusterProfile/Profile + properties: + matchingClusters: + description: |- + MatchingClusterRefs reference all the clusters currently matching + ClusterProfile ClusterSelector + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). 
This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + updatedClusters: + description: |- + UpdatedClusters contains information all the cluster currently matching + ClusterProfile ClusterSelector and already updated to latest ClusterProfile + Spec + properties: + clusters: + description: |- + Clusters reference all the clusters currently matching + ClusterProfile ClusterSelector and already updated/being updated + to ClusterProfile Spec + items: + description: ObjectReference contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + hash: + description: |- + Hash represents of a unique value for ClusterProfile Spec at + a fixed point in time + format: byte + type: string + type: object + updatingClusters: + description: |- + UpdatingClusters reference all the cluster currently matching + ClusterProfile ClusterSelector and being updated + properties: + clusters: + description: |- + Clusters reference all the clusters currently matching + ClusterProfile ClusterSelector and already updated/being updated + to ClusterProfile Spec + items: + description: ObjectReference contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + hash: + description: |- + Hash represents of a unique value for ClusterProfile Spec at + a fixed point in time + format: byte + type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterProfile is the Schema for the clusterprofiles API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + clusterRefs: + description: ClusterRefs identifies clusters to associate to. + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + clusterSelector: + description: ClusterSelector identifies clusters to associate to. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + continueOnConflict: + default: false + description: |- + By default (when ContinueOnConflict is unset or set to false), Sveltos stops deployment after + encountering the first conflict (e.g., another ClusterProfile already deployed the resource). + If set to true, Sveltos will attempt to deploy remaining resources in the ClusterProfile even + if conflicts are detected for previous resources. + type: boolean + dependsOn: + description: |- + DependsOn specifies a list of other ClusterProfiles that this instance depends on. + In any managed cluster that matches this ClusterProfile, the add-ons and applications + defined in this instance will not be deployed until all add-ons and applications in the + ClusterProfiles listed as dependencies are deployed. 
+ items: + type: string + type: array + driftExclusions: + description: |- + DriftExclusions is a list of configuration drift exclusions to be applied when syncMode is + set to ContinuousWithDriftDetection. Each exclusion specifies JSON6902 paths to ignore + when evaluating drift, optionally targeting specific resources and features. + items: + properties: + paths: + description: Paths is a slice of JSON6902 paths to exclude from + configuration drift evaluation. + items: + type: string + type: array + target: + description: Target points to the resources that the paths refers + to. + properties: + annotationSelector: + description: |- + AnnotationSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: |- + Group is the API group to select resources from. + Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: |- + Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: |- + LabelSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: |- + Version of the API Group to select resources from. 
+ Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - paths + type: object + type: array + extraAnnotations: + additionalProperties: + type: string + description: |- + ExtraAnnotations: These annotations will be added by Sveltos to all Kubernetes resources + deployed in a managed cluster based on this ClusterProfile/Profile instance. + **Important:** If a resource deployed by Sveltos already has a annotation with a key present in + `ExtraAnnotations`, the value from `ExtraAnnotations` will override the existing value. + (Deprecated use Patches instead) + type: object + extraLabels: + additionalProperties: + type: string + description: |- + ExtraLabels: These labels will be added by Sveltos to all Kubernetes resources deployed in + a managed cluster based on this ClusterProfile/Profile instance. + **Important:** If a resource deployed by Sveltos already has a label with a key present in + `ExtraLabels`, the value from `ExtraLabels` will override the existing value. + (Deprecated use Patches instead) + type: object + helmCharts: + description: Helm charts is a list of helm charts that need to be + deployed + items: + properties: + chartName: + description: ChartName is the chart name + minLength: 1 + type: string + chartVersion: + description: ChartVersion is the chart version + minLength: 1 + type: string + helmChartAction: + default: Install + description: HelmChartAction is the action that will be taken + on the helm chart + enum: + - Install + - Uninstall + type: string + options: + description: Options allows to set flags which are used during + installation. + properties: + atomic: + default: false + description: |- + if set, the installation process deletes the installation/upgrades on failure. 
+ The --wait flag will be set automatically if --atomic is used + Default to false + type: boolean + dependencyUpdate: + default: false + description: |- + update dependencies if they are missing before installing the chart + Default to false + type: boolean + description: + description: Description is the description of an helm operation + type: string + disableHooks: + default: false + description: |- + prevent hooks from running during install/upgrade/uninstall + Default to false + type: boolean + disableOpenAPIValidation: + default: false + description: |- + if set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema + Default to false + type: boolean + enableClientCache: + default: false + description: EnableClientCache is a flag to enable Helm + client cache. If it is not specified, it will be set to + false. + type: boolean + installOptions: + description: HelmInstallOptions are options specific to + helm install + properties: + createNamespace: + default: true + description: Create the release namespace if not present. + Defaults to true + type: boolean + replace: + default: true + description: Replaces if set indicates to replace an + older release with this one + type: boolean + type: object + labels: + additionalProperties: + type: string + description: Labels that would be added to release metadata. + type: object + skipCRDs: + default: false + description: |- + SkipCRDs controls whether CRDs should be installed during install/upgrade operation. + By default, CRDs are installed if not already present. 
+ type: boolean + timeout: + description: time to wait for any individual Kubernetes + operation (like Jobs for hooks) (default 5m0s) + type: string + uninstallOptions: + description: HelmUninstallOptions are options specific to + helm uninstall + properties: + deletionPropagation: + description: DeletionPropagation + enum: + - orphan + - foreground + - background + type: string + keepHistory: + description: |- + When uninstall a chart with this flag, Helm removes the resources associated with the chart, + but it keeps the release information. This allows to see details about the uninstalled release + using the helm history command. + type: boolean + type: object + upgradeOptions: + description: HelmUpgradeOptions are options specific to + helm upgrade + properties: + cleanupOnFail: + default: false + description: CleanupOnFail will, if true, cause the + upgrade to delete newly-created resources on a failed + update. + type: boolean + force: + default: false + description: |- + Force will, if set to `true`, ignore certain warnings and perform the upgrade anyway. + This should be used with caution. + type: boolean + maxHistory: + default: 2 + description: |- + MaxHistory limits the maximum number of revisions saved per release + Default to 2 + type: integer + recreate: + default: false + description: Recreate will (if true) recreate pods after + a rollback. + type: boolean + resetThenReuseValues: + default: false + description: ResetThenReuseValues will reset the values + to the chart's built-ins then merge with user's last + supplied values. + type: boolean + resetValues: + default: false + description: ResetValues will reset the values to the + chart's built-ins rather than merging with existing. + type: boolean + reuseValues: + default: false + description: |- + ReuseValues copies values from the current release to a new release if the + new release does not have any values. 
If the request already has values, + or if there are no values in the current release, this does nothing. + This is skipped if the ResetValues flag is set, in which case the + request values are not altered. + type: boolean + subNotes: + default: false + description: SubNotes determines whether sub-notes are + rendered in the chart. + type: boolean + type: object + wait: + default: false + description: |- + if set, will wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet + are in a ready state before marking the release as successful. It will wait for as long as --timeout + Default to false + type: boolean + waitForJobs: + default: false + description: |- + if set and --wait enabled, will wait until all Jobs have been completed before marking the release as successful. + It will wait for as long as --timeout + Default to false + type: boolean + type: object + releaseName: + description: ReleaseName is the chart release + minLength: 1 + type: string + releaseNamespace: + description: ReleaseNamespace is the namespace release will + be installed + minLength: 1 + type: string + repositoryName: + description: RepositoryName is the name helm chart repository + minLength: 1 + type: string + repositoryURL: + description: RepositoryURL is the URL helm chart repository + minLength: 1 + type: string + values: + description: |- + Values field allows to define configuration for the Helm release. + These values can be static or leverage Go templates for dynamic customization. + When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment (Cluster and TemplateResourceRefs) + type: string + valuesFrom: + description: |- + ValuesFrom can reference ConfigMap/Secret instances. Within the ConfigMap or Secret data, + it is possible to store configuration for the Helm release. + These values can be static or leverage Go templates for dynamic customization. 
+ When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment (Cluster and TemplateResourceRefs) + items: + properties: + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + enum: + - ConfigMap + - Secret + type: string + name: + description: |- + Name of the referenced resource. + Name can be expressed as a template and instantiate using + - cluster namespace: .Cluster.metadata.namespace + - cluster name: .Cluster.metadata.name + - cluster type: .Cluster.kind + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. + type: string + required: + - kind + - name + type: object + type: array + required: + - chartName + - chartVersion + - releaseName + - releaseNamespace + - repositoryName + - repositoryURL + type: object + type: array + kustomizationRefs: + description: |- + Kustomization refs is a list of kustomization paths. Kustomization will + be run on those paths and the outcome will be deployed. + items: + properties: + deploymentType: + default: Remote + description: |- + DeploymentType indicates whether resources need to be deployed + into the management cluster (local) or the managed cluster (remote) + enum: + - Local + - Remote + type: string + kind: + description: |- + Kind of the resource. Supported kinds are: + - flux GitRepository;OCIRepository;Bucket + - ConfigMap/Secret + enum: + - GitRepository + - OCIRepository + - Bucket + - ConfigMap + - Secret + type: string + name: + description: |- + Name of the referenced resource. 
+ Name can be expressed as a template and instantiate using + - cluster namespace: .Cluster.metadata.namespace + - cluster name: .Cluster.metadata.name + - cluster type: .Cluster.kind + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. + type: string + path: + description: |- + Path to the directory containing the kustomization.yaml file, or the + set of plain YAMLs a kustomization.yaml should be generated for. + Defaults to 'None', which translates to the root path of the SourceRef. + These values can be static or leverage Go templates for dynamic customization. + When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment (Cluster) + type: string + targetNamespace: + description: |- + TargetNamespace sets or overrides the namespace in the + kustomization.yaml file. + maxLength: 63 + minLength: 1 + type: string + values: + additionalProperties: + type: string + description: |- + Values is a map[string]string type that allows to define a set of key-value pairs. + These key-value pairs can optionally leverage Go templates for further processing. + With Sveltos, you can define key-value pairs where the values can be Go templates. + These templates have access to management cluster information during deployment. This allows + to do more than just replace placeholders. Variables can be used to dynamically + construct values based on other resources or variables within the Kustomize output. + For example, imagine you have a Region key with a template value like: + '{{ index .Cluster.metadata.labels "region" }}'. + This template retrieves the region label from the cluster instance metadata. 
+ Finally, Sveltos uses these processed values to fill placeholders in the Kustomize output. + The output itself can also contain templates, like: + region: '{{ default "west" .Region }}'. + This way, the final output from Kustomize will have the region set dynamically based on + the actual region retrieved earlier. + type: object + valuesFrom: + description: |- + ValuesFrom can reference ConfigMap/Secret instances. Within the ConfigMap or Secret data, + it is possible to define key-value pairs. These key-value pairs can optionally leverage + Go templates for further processing. + With Sveltos, you can define key-value pairs where the values can be Go templates. + These templates have access to management cluster information during deployment. This allows + to do more than just replace placeholders. Variables can be used to dynamically + construct values based on other resources or variables within the Kustomize output. + For example, imagine you have a Region key with a template value like: + '{{ index .Cluster.metadata.labels "region" }}'. + This template retrieves the region label from the cluster instance metadata. + Finally, Sveltos uses these processed values to fill placeholders in the Kustomize output. + The output itself can also contain templates, like: + region: '{{ default "west" .Region }}'. + This way, the final output from Kustomize will have the region set dynamically based on + the actual region retrieved earlier. + items: + properties: + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + enum: + - ConfigMap + - Secret + type: string + name: + description: |- + Name of the referenced resource. + Name can be expressed as a template and instantiate using + - cluster namespace: .Cluster.metadata.namespace + - cluster name: .Cluster.metadata.name + - cluster type: .Cluster.kind + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. 
+ For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. + type: string + required: + - kind + - name + type: object + type: array + required: + - kind + - name + - namespace + type: object + type: array + maxUpdate: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of clusters that can be updated concurrently. + Value can be an absolute number (ex: 5) or a percentage of desired cluster (ex: 10%). + Defaults to 100%. + Example: when this is set to 30%, when list of add-ons/applications in ClusterProfile + changes, only 30% of matching clusters will be updated in parallel. Only when updates + in those cluster succeed, other matching clusters are updated. + pattern: ^((100|[0-9]{1,2})%|[0-9]+)$ + x-kubernetes-int-or-string: true + patches: + description: |- + Define additional Kustomize inline Patches applied for all resources on this profile + Within the Patch Spec you can use templating + items: + description: |- + Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should + be applied to. + properties: + patch: + description: |- + Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with + an array of operation objects. + These values can be static or leverage Go templates for dynamic customization. + When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment (Cluster and TemplateResourceRefs) + type: string + target: + description: Target points to the resources that the patch document + should be applied to. + properties: + annotationSelector: + description: |- + AnnotationSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. 
+ type: string + group: + description: |- + Group is the API group to select resources from. + Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: |- + Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: |- + LabelSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: |- + Version of the API Group to select resources from. + Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + type: object + type: array + policyRefs: + description: |- + PolicyRefs references all the ConfigMaps/Secrets/Flux Sources containing kubernetes resources + that need to be deployed in the matching managed clusters. + The values contained in those resources can be static or leverage Go templates for dynamic customization. 
+ When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment (Cluster and TemplateResourceRefs) + items: + properties: + deploymentType: + default: Remote + description: |- + DeploymentType indicates whether resources need to be deployed + into the management cluster (local) or the managed cluster (remote) + enum: + - Local + - Remote + type: string + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + - flux GitRepository;OCIRepository;Bucket + enum: + - GitRepository + - OCIRepository + - Bucket + - ConfigMap + - Secret + type: string + name: + description: |- + Name of the referenced resource. + Name can be expressed as a template and instantiate using + - cluster namespace: .Cluster.metadata.namespace + - cluster name: .Cluster.metadata.name + - cluster type: .Cluster.kind + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. Profile namespace will be used. + type: string + path: + description: |- + Path to the directory containing the YAML files. + Defaults to 'None', which translates to the root path of the SourceRef. + Used only for GitRepository;OCIRepository;Bucket + type: string + required: + - kind + - name + type: object + type: array + reloader: + default: false + description: |- + Reloader indicates whether Deployment/StatefulSet/DaemonSet instances deployed + by Sveltos and part of this ClusterProfile need to be restarted via rolling upgrade + when a ConfigMap/Secret instance mounted as volume is modified. + When set to true, when any mounted ConfigMap/Secret is modified, Sveltos automatically + starts a rolling upgrade for Deployment/StatefulSet/DaemonSet instances mounting it. 
+ type: boolean + setRefs: + description: |- + SetRefs identifies referenced (cluster)Sets. + - ClusterProfile can reference ClusterSet; + - Profile can reference Set; + items: + type: string + type: array + stopMatchingBehavior: + default: WithdrawPolicies + description: |- + StopMatchingBehavior indicates what behavior should be when a Cluster stop matching + the ClusterProfile. By default all deployed Helm charts and Kubernetes resources will + be withdrawn from Cluster. Setting StopMatchingBehavior to LeavePolicies will instead + leave ClusterProfile deployed policies in the Cluster. + type: string + syncMode: + default: Continuous + description: |- + SyncMode specifies how features are synced in a matching workload cluster. + - OneTime means, first time a workload cluster matches the ClusterProfile, + features will be deployed in such cluster. Any subsequent feature configuration + change won't be applied into the matching workload clusters; + - Continuous means first time a workload cluster matches the ClusterProfile, + features will be deployed in such a cluster. Any subsequent feature configuration + change will be applied into the matching workload clusters. + - DryRun means no change will be propagated to any matching cluster. A report + instead will be generated summarizing what would happen in any matching cluster + because of the changes made to ClusterProfile while in DryRun mode. + enum: + - OneTime + - Continuous + - ContinuousWithDriftDetection + - DryRun + type: string + templateResourceRefs: + description: |- + TemplateResourceRefs is a list of resource to collect from the management cluster. + Those resources' values will be used to instantiate templates + items: + properties: + identifier: + description: |- + Identifier is how the resource will be referred to in the + template + type: string + resource: + description: |- + Resource references a Kubernetes instance in the management + cluster to fetch and use during template instantiation. 
+ For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + Name can be expressed as a template and instantiate using + - cluster namespace: .Cluster.metadata.namespace + - cluster name: .Cluster.metadata.name + - cluster type: .Cluster.kind + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - identifier + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - identifier + x-kubernetes-list-type: map + tier: + default: 100 + description: |- + Tier controls the order of deployment for ClusterProfile or Profile resources targeting + the same cluster resources. + Imagine two configurations (ClusterProfiles or Profiles) trying to deploy the same resource (a Kubernetes + resource or an helm chart). By default, the first one to reach the cluster "wins" and deploys it. + Tier allows you to override this. When conflicts arise, the ClusterProfile or Profile with the **lowest** + Tier value takes priority and deploys the resource. + Higher Tier values represent lower priority. The default Tier value is 100. + Using Tiers provides finer control over resource deployment within your cluster, particularly useful + when multiple configurations manage the same resources. + format: int32 + minimum: 1 + type: integer + validateHealths: + description: |- + ValidateHealths is a slice of Lua functions to run against + the managed cluster to validate the state of those add-ons/applications + is healthy + items: + properties: + featureID: + description: |- + FeatureID is an indentifier of the feature (Helm/Kustomize/Resources) + This field indicates when to run this check. + For instance: + - if set to Helm this check will be run after all helm + charts specified in the ClusterProfile are deployed. + - if set to Resources this check will be run after the content + of all the ConfigMaps/Secrets referenced by ClusterProfile in the + PolicyRef sections is deployed + enum: + - Resources + - Helm + - Kustomize + type: string + group: + description: Group of the resource to fetch in the managed Cluster. + type: string + kind: + description: Kind of the resource to fetch in the managed Cluster. 
+ minLength: 1 + type: string + labelFilters: + description: LabelFilters allows to filter resources based on + current labels. + items: + properties: + key: + description: Key is the label key + type: string + operation: + description: Operation is the comparison operation + enum: + - Equal + - Different + type: string + value: + description: Value is the label value + type: string + required: + - key + - operation + - value + type: object + type: array + name: + description: Name is the name of this check + type: string + namespace: + description: |- + Namespace of the resource to fetch in the managed Cluster. + Empty for resources scoped at cluster level. + type: string + script: + description: |- + Script is a text containing a lua script. + Must return struct with field "health" + representing whether object is a match (true or false) + type: string + version: + description: Version of the resource to fetch in the managed + Cluster. + type: string + required: + - featureID + - group + - kind + - name + - version + type: object + type: array + type: object + status: + description: Status defines the observed state of ClusterProfile/Profile + properties: + matchingClusters: + description: |- + MatchingClusterRefs reference all the clusters currently matching + ClusterProfile ClusterSelector + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + updatedClusters: + description: |- + UpdatedClusters contains information all the cluster currently matching + ClusterProfile ClusterSelector and already updated to latest ClusterProfile + Spec + properties: + clusters: + description: |- + Clusters reference all the clusters currently matching + ClusterProfile ClusterSelector and already updated/being updated + to ClusterProfile Spec + items: + description: ObjectReference contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + hash: + description: |- + Hash represents of a unique value for ClusterProfile Spec at + a fixed point in time + format: byte + type: string + type: object + updatingClusters: + description: |- + UpdatingClusters reference all the cluster currently matching + ClusterProfile ClusterSelector and being updated + properties: + clusters: + description: |- + Clusters reference all the clusters currently matching + ClusterProfile ClusterSelector and already updated/being updated + to ClusterProfile Spec + items: + description: ObjectReference contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + hash: + description: |- + Hash represents of a unique value for ClusterProfile Spec at + a fixed point in time + format: byte + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/templates/projectsveltos/crds/clusterreport-crd.yaml b/templates/projectsveltos/crds/clusterreport-crd.yaml new file mode 100644 index 000000000..ac2c8afa5 --- /dev/null +++ b/templates/projectsveltos/crds/clusterreport-crd.yaml 
@@ -0,0 +1,639 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.2 + name: clusterreports.config.projectsveltos.io +spec: + group: config.projectsveltos.io + names: + kind: ClusterReport + listKind: ClusterReportList + plural: clusterreports + singular: clusterreport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterReport is the Schema for the clusterreports API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ClusterReportSpec defines the desired state of ClusterReport + properties: + clusterName: + description: |- + ClusterName is the name of the CAPI Cluster this ClusterReport + is for. + type: string + clusterNamespace: + description: |- + ClusterNamespace is the namespace of the CAPI Cluster this + ClusterReport is for. 
+ type: string + required: + - clusterName + - clusterNamespace + type: object + status: + description: ClusterReportStatus defines the observed state of ClusterReport + properties: + kustomizeResourceReports: + description: |- + KustomizeResourceReports contains report on Kubernetes resources + deployed because of KustomizationRefs + items: + properties: + action: + description: Action represent the type of operation on the Kubernetes + resource. + enum: + - No Action + - Create + - Update + - Delete + - Conflict + type: string + message: + description: |- + Message is for any message that needs to added to better + explain the action. + type: string + resource: + description: Resource contains information about Kubernetes + Resource + properties: + group: + description: Group of the resource deployed in the Cluster. + type: string + ignoreForConfigurationDrift: + default: false + description: |- + IgnoreForConfigurationDrift indicates to not track resource + for configuration drift detection. + This field has a meaning only when mode is ContinuousWithDriftDetection + type: boolean + kind: + description: Kind of the resource deployed in the Cluster. + minLength: 1 + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this resource + was last applied to the cluster. + format: date-time + type: string + name: + description: Name of the resource deployed in the Cluster. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + owner: + description: Owner is the list of ConfigMap/Secret containing + this resource. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + version: + description: Version of the resource deployed in the Cluster. + minLength: 1 + type: string + required: + - group + - kind + - name + - owner + - version + type: object + required: + - resource + type: object + type: array + releaseReports: + description: ReleaseReports contains report on helm releases + items: + properties: + action: + description: Action represent the type of operation on the Helm + Chart + enum: + - No Action + - Install + - Upgrade + - Delete + - Conflict + type: string + chartName: + description: ReleaseName of the release deployed in the CAPI + Cluster. 
+ minLength: 1 + type: string + chartVersion: + description: |- + ChartVersion is the version of the helm chart deployed + in the CAPI Cluster. + type: string + message: + description: |- + Message is for any message that needs to added to better + explain the action. + type: string + releaseNamespace: + description: Namespace where release is deployed in the CAPI + Cluster. + minLength: 1 + type: string + required: + - chartName + - chartVersion + - releaseNamespace + type: object + type: array + resourceReports: + description: |- + ResourceReports contains report on Kubernetes resources + deployed because of PolicyRefs + items: + properties: + action: + description: Action represent the type of operation on the Kubernetes + resource. + enum: + - No Action + - Create + - Update + - Delete + - Conflict + type: string + message: + description: |- + Message is for any message that needs to added to better + explain the action. + type: string + resource: + description: Resource contains information about Kubernetes + Resource + properties: + group: + description: Group of the resource deployed in the Cluster. + type: string + ignoreForConfigurationDrift: + default: false + description: |- + IgnoreForConfigurationDrift indicates to not track resource + for configuration drift detection. + This field has a meaning only when mode is ContinuousWithDriftDetection + type: boolean + kind: + description: Kind of the resource deployed in the Cluster. + minLength: 1 + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this resource + was last applied to the cluster. + format: date-time + type: string + name: + description: Name of the resource deployed in the Cluster. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + owner: + description: Owner is the list of ConfigMap/Secret containing + this resource. 
+ properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + version: + description: Version of the resource deployed in the Cluster. 
+ minLength: 1 + type: string + required: + - group + - kind + - name + - owner + - version + type: object + required: + - resource + type: object + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterReport is the Schema for the clusterreports API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ClusterReportSpec defines the desired state of ClusterReport + properties: + clusterName: + description: |- + ClusterName is the name of the CAPI Cluster this ClusterReport + is for. + type: string + clusterNamespace: + description: |- + ClusterNamespace is the namespace of the CAPI Cluster this + ClusterReport is for. + type: string + required: + - clusterName + - clusterNamespace + type: object + status: + description: ClusterReportStatus defines the observed state of ClusterReport + properties: + kustomizeResourceReports: + description: |- + KustomizeResourceReports contains report on Kubernetes resources + deployed because of KustomizationRefs + items: + properties: + action: + description: Action represent the type of operation on the Kubernetes + resource. 
+ enum: + - No Action + - Create + - Update + - Delete + - Conflict + type: string + message: + description: |- + Message is for any message that needs to added to better + explain the action. + type: string + resource: + description: Resource contains information about Kubernetes + Resource + properties: + group: + description: Group of the resource deployed in the Cluster. + type: string + ignoreForConfigurationDrift: + default: false + description: |- + IgnoreForConfigurationDrift indicates to not track resource + for configuration drift detection. + This field has a meaning only when mode is ContinuousWithDriftDetection + type: boolean + kind: + description: Kind of the resource deployed in the Cluster. + minLength: 1 + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this resource + was last applied to the cluster. + format: date-time + type: string + name: + description: Name of the resource deployed in the Cluster. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + owner: + description: Owner is the list of ConfigMap/Secret containing + this resource. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + version: + description: Version of the resource deployed in the Cluster. + minLength: 1 + type: string + required: + - group + - kind + - name + - owner + - version + type: object + required: + - resource + type: object + type: array + releaseReports: + description: ReleaseReports contains report on helm releases + items: + properties: + action: + description: Action represent the type of operation on the Helm + Chart + enum: + - No Action + - Install + - Upgrade + - Delete + - Conflict + type: string + chartName: + description: ReleaseName of the release deployed in the CAPI + Cluster. + minLength: 1 + type: string + chartVersion: + description: |- + ChartVersion is the version of the helm chart deployed + in the CAPI Cluster. + type: string + message: + description: |- + Message is for any message that needs to added to better + explain the action. + type: string + releaseNamespace: + description: Namespace where release is deployed in the CAPI + Cluster. 
+ minLength: 1 + type: string + required: + - chartName + - chartVersion + - releaseNamespace + type: object + type: array + resourceReports: + description: |- + ResourceReports contains report on Kubernetes resources + deployed because of PolicyRefs + items: + properties: + action: + description: Action represent the type of operation on the Kubernetes + resource. + enum: + - No Action + - Create + - Update + - Delete + - Conflict + type: string + message: + description: |- + Message is for any message that needs to added to better + explain the action. + type: string + resource: + description: Resource contains information about Kubernetes + Resource + properties: + group: + description: Group of the resource deployed in the Cluster. + type: string + ignoreForConfigurationDrift: + default: false + description: |- + IgnoreForConfigurationDrift indicates to not track resource + for configuration drift detection. + This field has a meaning only when mode is ContinuousWithDriftDetection + type: boolean + kind: + description: Kind of the resource deployed in the Cluster. + minLength: 1 + type: string + lastAppliedTime: + description: LastAppliedTime identifies when this resource + was last applied to the cluster. + format: date-time + type: string + name: + description: Name of the resource deployed in the Cluster. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + owner: + description: Owner is the list of ConfigMap/Secret containing + this resource. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + version: + description: Version of the resource deployed in the Cluster. + minLength: 1 + type: string + required: + - group + - kind + - name + - owner + - version + type: object + required: + - resource + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/templates/projectsveltos/crds/clusterset-crd.yaml b/templates/projectsveltos/crds/clusterset-crd.yaml new file mode 100644 index 000000000..948514bd7 --- /dev/null +++ b/templates/projectsveltos/crds/clusterset-crd.yaml 
@@ -0,0 +1,444 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: projectsveltos/projectsveltos-serving-cert + controller-gen.kubebuilder.io/version: v0.16.1 + name: clustersets.lib.projectsveltos.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: webhook-service + namespace: projectsveltos + path: /convert + conversionReviewVersions: + - v1 + group: lib.projectsveltos.io + names: + kind: ClusterSet + listKind: ClusterSetList + plural: clustersets + singular: clusterset + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterSet is the Schema for the clustersets API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + clusterRefs: + description: ClusterRefs identifies clusters to associate to. + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + clusterSelector: + description: ClusterSelector identifies clusters to associate to (Deprecated + use selector instead). + type: string + maxReplicas: + description: |- + MaxReplicas specifies the maximum number of clusters to be selected + from the pool matching the clusterSelector. 
+ type: integer + type: object + status: + description: Status defines the observed state of ClusterSet/Set + properties: + matchingClusterRefs: + description: |- + MatchingClusterRefs reference all the clusters currently matching + ClusterSet/Set ClusterSelector + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + selectedClusterRefs: + description: |- + SelectedClusters reference all the cluster currently selected among + all the ones matching + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterSet is the Schema for the clustersets API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + clusterRefs: + description: ClusterRefs identifies clusters to associate to. + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). 
This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + clusterSelector: + description: ClusterSelector identifies clusters to associate to + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + maxReplicas: + description: |- + MaxReplicas specifies the maximum number of clusters to be selected + from the pool matching the clusterSelector. + type: integer + type: object + status: + description: Status defines the observed state of ClusterSet/Set + properties: + matchingClusterRefs: + description: |- + MatchingClusterRefs reference all the clusters currently matching + ClusterSet/Set ClusterSelector + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + selectedClusterRefs: + description: |- + SelectedClusters reference all the cluster currently selected among + all the ones matching + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/templates/projectsveltos/crds/clustersummary-crd.yaml b/templates/projectsveltos/crds/clustersummary-crd.yaml new file mode 100644 index 000000000..1df095775 --- /dev/null +++ b/templates/projectsveltos/crds/clustersummary-crd.yaml 
@@ -0,0 +1,2056 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: projectsveltos/projectsveltos-serving-cert + controller-gen.kubebuilder.io/version: v0.16.2 + name: clustersummaries.config.projectsveltos.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: webhook-service + namespace: projectsveltos + path: /convert + conversionReviewVersions: + - v1 + group: config.projectsveltos.io + names: + kind: ClusterSummary + listKind: ClusterSummaryList + plural: clustersummaries + singular: clustersummary + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterSummary is the Schema for the clustersummaries API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ClusterSummarySpec defines the desired state of ClusterSummary + properties: + clusterName: + description: ClusterName is the name of the workload Cluster this + ClusterSummary is for. + type: string + clusterNamespace: + description: |- + ClusterNamespace is the namespace of the workload Cluster this + ClusterSummary is for. 
+ type: string + clusterProfileSpec: + description: |- + ClusterProfileSpec represent the configuration that will be applied to + the workload cluster. + properties: + clusterRefs: + description: ClusterRefs identifies clusters to associate to. + items: + description: ObjectReference contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + clusterSelector: + description: ClusterSelector identifies clusters to associate + to. + type: string + continueOnConflict: + default: false + description: |- + By default (when ContinueOnConflict is unset or set to false), Sveltos stops deployment after + encountering the first conflict (e.g., another ClusterProfile already deployed the resource). + If set to true, Sveltos will attempt to deploy remaining resources in the ClusterProfile even + if conflicts are detected for previous resources. + type: boolean + dependsOn: + description: |- + DependsOn specifies a list of other ClusterProfiles that this instance depends on. + In any managed cluster that matches this ClusterProfile, the add-ons and applications + defined in this instance will not be deployed until all add-ons and applications in the + ClusterProfiles listed as dependencies are deployed. + items: + type: string + type: array + extraAnnotations: + additionalProperties: + type: string + description: |- + ExtraAnnotations: These annotations will be added by Sveltos to all Kubernetes resources + deployed in a managed cluster based on this ClusterProfile/Profile instance. + **Important:** If a resource deployed by Sveltos already has a annotation with a key present in + `ExtraAnnotations`, the value from `ExtraAnnotations` will override the existing value. + type: object + extraLabels: + additionalProperties: + type: string + description: |- + ExtraLabels: These labels will be added by Sveltos to all Kubernetes resources deployed in + a managed cluster based on this ClusterProfile/Profile instance. + **Important:** If a resource deployed by Sveltos already has a label with a key present in + `ExtraLabels`, the value from `ExtraLabels` will override the existing value. 
+ type: object + helmCharts: + description: Helm charts is a list of helm charts that need to + be deployed + items: + properties: + chartName: + description: ChartName is the chart name + minLength: 1 + type: string + chartVersion: + description: ChartVersion is the chart version + minLength: 1 + type: string + helmChartAction: + default: Install + description: HelmChartAction is the action that will be + taken on the helm chart + enum: + - Install + - Uninstall + type: string + options: + description: Options allows to set flags which are used + during installation. + properties: + atomic: + default: false + description: |- + if set, the installation process deletes the installation/upgrades on failure. + The --wait flag will be set automatically if --atomic is used + Default to false + type: boolean + dependencyUpdate: + default: false + description: |- + update dependencies if they are missing before installing the chart + Default to false + type: boolean + description: + description: Description is the description of an helm + operation + type: string + disableHooks: + default: false + description: |- + prevent hooks from running during install/upgrade/uninstall + Default to false + type: boolean + disableOpenAPIValidation: + default: false + description: |- + if set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema + Default to false + type: boolean + enableClientCache: + default: false + description: EnableClientCache is a flag to enable Helm + client cache. If it is not specified, it will be set + to false. + type: boolean + installOptions: + description: HelmInstallOptions are options specific + to helm install + properties: + createNamespace: + default: true + description: Create the release namespace if not + present. 
Defaults to true + type: boolean + replace: + default: true + description: Replaces if set indicates to replace + an older release with this one + type: boolean + type: object + labels: + additionalProperties: + type: string + description: Labels that would be added to release metadata. + type: object + skipCRDs: + default: false + description: |- + SkipCRDs controls whether CRDs should be installed during install/upgrade operation. + By default, CRDs are installed if not already present. + type: boolean + timeout: + description: time to wait for any individual Kubernetes + operation (like Jobs for hooks) (default 5m0s) + type: string + uninstallOptions: + description: HelmUninstallOptions are options specific + to helm uninstall + properties: + deletionPropagation: + description: DeletionPropagation + enum: + - orphan + - foreground + - background + type: string + keepHistory: + description: |- + When uninstall a chart with this flag, Helm removes the resources associated with the chart, + but it keeps the release information. This allows to see details about the uninstalled release + using the helm history command. + type: boolean + type: object + upgradeOptions: + description: HelmUpgradeOptions are options specific + to helm upgrade + properties: + cleanupOnFail: + default: false + description: CleanupOnFail will, if true, cause + the upgrade to delete newly-created resources + on a failed update. + type: boolean + force: + default: false + description: |- + Force will, if set to `true`, ignore certain warnings and perform the upgrade anyway. + This should be used with caution. + type: boolean + maxHistory: + default: 2 + description: |- + MaxHistory limits the maximum number of revisions saved per release + Default to 2 + type: integer + recreate: + default: false + description: Recreate will (if true) recreate pods + after a rollback. 
+ type: boolean + resetThenReuseValues: + default: false + description: ResetThenReuseValues will reset the + values to the chart's built-ins then merge with + user's last supplied values. + type: boolean + resetValues: + default: false + description: ResetValues will reset the values to + the chart's built-ins rather than merging with + existing. + type: boolean + reuseValues: + default: false + description: |- + ReuseValues copies values from the current release to a new release if the + new release does not have any values. If the request already has values, + or if there are no values in the current release, this does nothing. + This is skipped if the ResetValues flag is set, in which case the + request values are not altered. + type: boolean + subNotes: + default: false + description: SubNotes determines whether sub-notes + are rendered in the chart. + type: boolean + type: object + wait: + default: false + description: |- + if set, will wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet + are in a ready state before marking the release as successful. It will wait for as long as --timeout + Default to false + type: boolean + waitForJobs: + default: false + description: |- + if set and --wait enabled, will wait until all Jobs have been completed before marking the release as successful. + It will wait for as long as --timeout + Default to false + type: boolean + type: object + releaseName: + description: ReleaseName is the chart release + minLength: 1 + type: string + releaseNamespace: + description: ReleaseNamespace is the namespace release will + be installed + minLength: 1 + type: string + repositoryName: + description: RepositoryName is the name helm chart repository + minLength: 1 + type: string + repositoryURL: + description: RepositoryURL is the URL helm chart repository + minLength: 1 + type: string + values: + description: |- + Values field allows to define configuration for the Helm release. 
+ These values can be static or leverage Go templates for dynamic customization. + When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment. + type: string + valuesFrom: + description: |- + ValuesFrom can reference ConfigMap/Secret instances. Within the ConfigMap or Secret data, + it is possible to store configuration for the Helm release. + These values can be static or leverage Go templates for dynamic customization. + When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment. + items: + properties: + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + enum: + - ConfigMap + - Secret + type: string + name: + description: Name of the referenced resource. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. + type: string + required: + - kind + - name + - namespace + type: object + type: array + required: + - chartName + - chartVersion + - releaseName + - releaseNamespace + - repositoryName + - repositoryURL + type: object + type: array + kustomizationRefs: + description: |- + Kustomization refs is a list of kustomization paths. Kustomization will + be run on those paths and the outcome will be deployed. + items: + properties: + deploymentType: + default: Remote + description: |- + DeploymentType indicates whether resources need to be deployed + into the management cluster (local) or the managed cluster (remote) + enum: + - Local + - Remote + type: string + kind: + description: |- + Kind of the resource. 
Supported kinds are: + - flux GitRepository;OCIRepository;Bucket + - ConfigMap/Secret + enum: + - GitRepository + - OCIRepository + - Bucket + - ConfigMap + - Secret + type: string + name: + description: Name of the referenced resource. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. + type: string + path: + description: |- + Path to the directory containing the kustomization.yaml file, or the + set of plain YAMLs a kustomization.yaml should be generated for. + Defaults to 'None', which translates to the root path of the SourceRef. + type: string + targetNamespace: + description: |- + TargetNamespace sets or overrides the namespace in the + kustomization.yaml file. + maxLength: 63 + minLength: 1 + type: string + values: + additionalProperties: + type: string + description: |- + Values is a map[string]string type that allows to define a set of key-value pairs. + These key-value pairs can optionally leverage Go templates for further processing. + With Sveltos, you can define key-value pairs where the values can be Go templates. + These templates have access to management cluster information during deployment. This allows + to do more than just replace placeholders. Variables can be used to dynamically + construct values based on other resources or variables within the Kustomize output. + For example, imagine you have a Region key with a template value like: + '{{ index .Cluster.metadata.labels "region" }}'. + This template retrieves the region label from the cluster instance metadata. + Finally, Sveltos uses these processed values to fill placeholders in the Kustomize output. + The output itself can also contain templates, like: + region: '{{ default "west" .Region }}'. 
+ This way, the final output from Kustomize will have the region set dynamically based on + the actual region retrieved earlier. + type: object + valuesFrom: + description: |- + ValuesFrom can reference ConfigMap/Secret instances. Within the ConfigMap or Secret data, + it is possible to define key-value pairs. These key-value pairs can optionally leverage + Go templates for further processing. + With Sveltos, you can define key-value pairs where the values can be Go templates. + These templates have access to management cluster information during deployment. This allows + to do more than just replace placeholders. Variables can be used to dynamically + construct values based on other resources or variables within the Kustomize output. + For example, imagine you have a Region key with a template value like: + '{{ index .Cluster.metadata.labels "region" }}'. + This template retrieves the region label from the cluster instance metadata. + Finally, Sveltos uses these processed values to fill placeholders in the Kustomize output. + The output itself can also contain templates, like: + region: '{{ default "west" .Region }}'. + This way, the final output from Kustomize will have the region set dynamically based on + the actual region retrieved earlier. + items: + properties: + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + enum: + - ConfigMap + - Secret + type: string + name: + description: Name of the referenced resource. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. 
+ type: string + required: + - kind + - name + - namespace + type: object + type: array + required: + - kind + - name + - namespace + type: object + type: array + maxUpdate: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of clusters that can be updated concurrently. + Value can be an absolute number (ex: 5) or a percentage of desired cluster (ex: 10%). + Defaults to 100%. + Example: when this is set to 30%, when list of add-ons/applications in ClusterProfile + changes, only 30% of matching clusters will be updated in parallel. Only when updates + in those cluster succeed, other matching clusters are updated. + pattern: ^((100|[0-9]{1,2})%|[0-9]+)$ + x-kubernetes-int-or-string: true + policyRefs: + description: |- + PolicyRefs references all the ConfigMaps/Secrets containing kubernetes resources + that need to be deployed in the matching CAPI clusters. + items: + properties: + deploymentType: + default: Remote + description: |- + DeploymentType indicates whether resources need to be deployed + into the management cluster (local) or the managed cluster (remote) + enum: + - Local + - Remote + type: string + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + - flux GitRepository;OCIRepository;Bucket + enum: + - GitRepository + - OCIRepository + - Bucket + - ConfigMap + - Secret + type: string + name: + description: Name of the referenced resource. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. Profile namespace will be used. + type: string + path: + description: |- + Path to the directory containing the YAML files. + Defaults to 'None', which translates to the root path of the SourceRef. 
+ Used only for GitRepository;OCIRepository;Bucket + type: string + required: + - kind + - name + type: object + type: array + reloader: + default: false + description: |- + Reloader indicates whether Deployment/StatefulSet/DaemonSet instances deployed + by Sveltos and part of this ClusterProfile need to be restarted via rolling upgrade + when a ConfigMap/Secret instance mounted as volume is modified. + When set to true, when any mounted ConfigMap/Secret is modified, Sveltos automatically + starts a rolling upgrade for Deployment/StatefulSet/DaemonSet instances mounting it. + type: boolean + setRefs: + description: |- + SetRefs identifies referenced (cluster)Sets. + - ClusterProfile can reference ClusterSet; + - Profile can reference Set; + items: + type: string + type: array + stopMatchingBehavior: + default: WithdrawPolicies + description: |- + StopMatchingBehavior indicates what behavior should be when a Cluster stop matching + the ClusterProfile. By default all deployed Helm charts and Kubernetes resources will + be withdrawn from Cluster. Setting StopMatchingBehavior to LeavePolicies will instead + leave ClusterProfile deployed policies in the Cluster. + type: string + syncMode: + default: Continuous + description: |- + SyncMode specifies how features are synced in a matching workload cluster. + - OneTime means, first time a workload cluster matches the ClusterProfile, + features will be deployed in such cluster. Any subsequent feature configuration + change won't be applied into the matching workload clusters; + - Continuous means first time a workload cluster matches the ClusterProfile, + features will be deployed in such a cluster. Any subsequent feature configuration + change will be applied into the matching workload clusters. + - DryRun means no change will be propagated to any matching cluster. A report + instead will be generated summarizing what would happen in any matching cluster + because of the changes made to ClusterProfile while in DryRun mode. 
+ enum: + - OneTime + - Continuous + - ContinuousWithDriftDetection + - DryRun + type: string + templateResourceRefs: + description: |- + TemplateResourceRefs is a list of resource to collect from the management cluster. + Those resources' values will be used to instantiate templates contained in referenced + PolicyRefs and Helm charts + items: + properties: + identifier: + description: |- + Identifier is how the resource will be referred to in the + template + type: string + resource: + description: |- + Resource references a Kubernetes instance in the management + cluster to fetch and use during template instantiation. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - identifier + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - identifier + x-kubernetes-list-type: map + tier: + default: 100 + description: |- + Tier controls the order of deployment for ClusterProfile or Profile resources targeting + the same cluster resources. + Imagine two configurations (ClusterProfiles or Profiles) trying to deploy the same resource (a Kubernetes + resource or an helm chart). By default, the first one to reach the cluster "wins" and deploys it. + Tier allows you to override this. When conflicts arise, the ClusterProfile or Profile with the **lowest** + Tier value takes priority and deploys the resource. + Higher Tier values represent lower priority. The default Tier value is 100. + Using Tiers provides finer control over resource deployment within your cluster, particularly useful + when multiple configurations manage the same resources. + format: int32 + minimum: 1 + type: integer + validateHealths: + description: |- + ValidateHealths is a slice of Lua functions to run against + the managed cluster to validate the state of those add-ons/applications + is healthy + items: + properties: + featureID: + description: |- + FeatureID is an indentifier of the feature (Helm/Kustomize/Resources) + This field indicates when to run this check. + For instance: + - if set to Helm this check will be run after all helm + charts specified in the ClusterProfile are deployed. 
+ - if set to Resources this check will be run after the content + of all the ConfigMaps/Secrets referenced by ClusterProfile in the + PolicyRef sections is deployed + enum: + - Resources + - Helm + - Kustomize + type: string + group: + description: Group of the resource to fetch in the managed + Cluster. + type: string + kind: + description: Kind of the resource to fetch in the managed + Cluster. + minLength: 1 + type: string + labelFilters: + description: LabelFilters allows to filter resources based + on current labels. + items: + properties: + key: + description: Key is the label key + type: string + operation: + description: Operation is the comparison operation + enum: + - Equal + - Different + type: string + value: + description: Value is the label value + type: string + required: + - key + - operation + - value + type: object + type: array + name: + description: Name is the name of this check + type: string + namespace: + description: |- + Namespace of the resource to fetch in the managed Cluster. + Empty for resources scoped at cluster level. + type: string + script: + description: |- + Script is a text containing a lua script. + Must return struct with field "health" + representing whether object is a match (true or false) + type: string + version: + description: Version of the resource to fetch in the managed + Cluster. 
+ type: string + required: + - featureID + - group + - kind + - name + - version + type: object + type: array + type: object + clusterType: + description: ClusterType is the type of Cluster + type: string + required: + - clusterName + - clusterNamespace + - clusterType + type: object + status: + description: ClusterSummaryStatus defines the observed state of ClusterSummary + properties: + dependencies: + description: |- + Dependencies is a summary reporting the status of the dependencies + for the associated ClusterProfile + type: string + deployedGVKs: + description: |- + DeployedGVKs reports the list of GVKs deployed by ClusterSummary + in a managed cluster + items: + properties: + deployedGroupVersionKind: + description: |- + DeployedGroupVersionKind contains all GroupVersionKinds deployed in either + the workload cluster or the management cluster because of this feature. + Each element has format kind.version.group + items: + type: string + type: array + featureID: + description: FeatureID is an indentifier of the feature whose + status is reported + enum: + - Resources + - Helm + - Kustomize + type: string + required: + - featureID + type: object + type: array + x-kubernetes-list-map-keys: + - featureID + x-kubernetes-list-type: map + featureSummaries: + description: |- + FeatureSummaries reports the status of each workload cluster feature + directly managed by ClusterProfile. + items: + description: |- + FeatureSummary contains a summary of the state of a workload + cluster feature. + properties: + deployedGroupVersionKind: + description: |- + DeployedGroupVersionKind contains all GroupVersionKinds deployed in either + the workload cluster or the management cluster because of this feature. + Each element has format kind.version.group + Deprecated: Replaced by FeatureDeploymentInfo field instead + items: + type: string + type: array + failureMessage: + description: FailureMessage provides more information about + the error. 
+ type: string + failureReason: + description: FailureReason indicates the type of error that + occurred. + type: string + featureID: + description: FeatureID is an indentifier of the feature whose + status is reported + enum: + - Resources + - Helm + - Kustomize + type: string + hash: + description: |- + Hash represents of a unique value for a feature at a fixed point in + time + format: byte + type: string + lastAppliedTime: + description: LastAppliedTime is the time feature was last reconciled + format: date-time + type: string + status: + description: Status represents the state of the feature in the + workload cluster + enum: + - Provisioning + - Provisioned + - Failed + - FailedNonRetriable + - Removing + - Removed + type: string + required: + - featureID + type: object + type: array + x-kubernetes-list-map-keys: + - featureID + x-kubernetes-list-type: map + helmReleaseSummaries: + description: |- + HelmReleaseSummaries reports the status of each helm chart + directly managed by ClusterProfile. 
+ items: + properties: + conflictMessage: + description: |- + Status indicates whether ClusterSummary can manage the helm + chart or there is a conflict + type: string + releaseName: + description: ReleaseName is the chart release + minLength: 1 + type: string + releaseNamespace: + description: ReleaseNamespace is the namespace release will + be installed + minLength: 1 + type: string + status: + description: |- + Status indicates whether ClusterSummary can manage the helm + chart or there is a conflict + enum: + - Managing + - Conflict + type: string + valuesHash: + description: ValuesHash represents of a unique value for the + values section + format: byte + type: string + required: + - releaseName + - releaseNamespace + - status + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Indicates whether HelmCharts are all provisioned + jsonPath: .status.featureSummaries[?(@.featureID=="Helm")].status + name: HelmCharts + priority: 2 + type: string + - description: Indicates whether KustomizeRefs are all provisioned + jsonPath: .status.featureSummaries[?(@.featureID=="Kustomize")].status + name: KustomizeRefs + priority: 2 + type: string + - description: Indicates whether PolicyRefs are all provisioned + jsonPath: .status.featureSummaries[?(@.featureID=="Resources")].status + name: PolicyRefs + priority: 2 + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: ClusterSummary is the Schema for the clustersummaries API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ClusterSummarySpec defines the desired state of ClusterSummary + properties: + clusterName: + description: ClusterName is the name of the workload Cluster this + ClusterSummary is for. + type: string + clusterNamespace: + description: |- + ClusterNamespace is the namespace of the workload Cluster this + ClusterSummary is for. + type: string + clusterProfileSpec: + description: |- + ClusterProfileSpec represent the configuration that will be applied to + the workload cluster. + properties: + clusterRefs: + description: ClusterRefs identifies clusters to associate to. + items: + description: ObjectReference contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + clusterSelector: + description: ClusterSelector identifies clusters to associate + to. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + continueOnConflict: + default: false + description: |- + By default (when ContinueOnConflict is unset or set to false), Sveltos stops deployment after + encountering the first conflict (e.g., another ClusterProfile already deployed the resource). + If set to true, Sveltos will attempt to deploy remaining resources in the ClusterProfile even + if conflicts are detected for previous resources. + type: boolean + dependsOn: + description: |- + DependsOn specifies a list of other ClusterProfiles that this instance depends on. + In any managed cluster that matches this ClusterProfile, the add-ons and applications + defined in this instance will not be deployed until all add-ons and applications in the + ClusterProfiles listed as dependencies are deployed. + items: + type: string + type: array + driftExclusions: + description: |- + DriftExclusions is a list of configuration drift exclusions to be applied when syncMode is + set to ContinuousWithDriftDetection. Each exclusion specifies JSON6902 paths to ignore + when evaluating drift, optionally targeting specific resources and features. + items: + properties: + paths: + description: Paths is a slice of JSON6902 paths to exclude + from configuration drift evaluation. + items: + type: string + type: array + target: + description: Target points to the resources that the paths + refers to. 
+ properties: + annotationSelector: + description: |- + AnnotationSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: |- + Group is the API group to select resources from. + Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: |- + Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: |- + LabelSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: |- + Version of the API Group to select resources from. + Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - paths + type: object + type: array + extraAnnotations: + additionalProperties: + type: string + description: |- + ExtraAnnotations: These annotations will be added by Sveltos to all Kubernetes resources + deployed in a managed cluster based on this ClusterProfile/Profile instance. 
+ **Important:** If a resource deployed by Sveltos already has a annotation with a key present in + `ExtraAnnotations`, the value from `ExtraAnnotations` will override the existing value. + (Deprecated use Patches instead) + type: object + extraLabels: + additionalProperties: + type: string + description: |- + ExtraLabels: These labels will be added by Sveltos to all Kubernetes resources deployed in + a managed cluster based on this ClusterProfile/Profile instance. + **Important:** If a resource deployed by Sveltos already has a label with a key present in + `ExtraLabels`, the value from `ExtraLabels` will override the existing value. + (Deprecated use Patches instead) + type: object + helmCharts: + description: Helm charts is a list of helm charts that need to + be deployed + items: + properties: + chartName: + description: ChartName is the chart name + minLength: 1 + type: string + chartVersion: + description: ChartVersion is the chart version + minLength: 1 + type: string + helmChartAction: + default: Install + description: HelmChartAction is the action that will be + taken on the helm chart + enum: + - Install + - Uninstall + type: string + options: + description: Options allows to set flags which are used + during installation. + properties: + atomic: + default: false + description: |- + if set, the installation process deletes the installation/upgrades on failure. 
+ The --wait flag will be set automatically if --atomic is used + Default to false + type: boolean + dependencyUpdate: + default: false + description: |- + update dependencies if they are missing before installing the chart + Default to false + type: boolean + description: + description: Description is the description of an helm + operation + type: string + disableHooks: + default: false + description: |- + prevent hooks from running during install/upgrade/uninstall + Default to false + type: boolean + disableOpenAPIValidation: + default: false + description: |- + if set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema + Default to false + type: boolean + enableClientCache: + default: false + description: EnableClientCache is a flag to enable Helm + client cache. If it is not specified, it will be set + to false. + type: boolean + installOptions: + description: HelmInstallOptions are options specific + to helm install + properties: + createNamespace: + default: true + description: Create the release namespace if not + present. Defaults to true + type: boolean + replace: + default: true + description: Replaces if set indicates to replace + an older release with this one + type: boolean + type: object + labels: + additionalProperties: + type: string + description: Labels that would be added to release metadata. + type: object + skipCRDs: + default: false + description: |- + SkipCRDs controls whether CRDs should be installed during install/upgrade operation. + By default, CRDs are installed if not already present. 
+ type: boolean + timeout: + description: time to wait for any individual Kubernetes + operation (like Jobs for hooks) (default 5m0s) + type: string + uninstallOptions: + description: HelmUninstallOptions are options specific + to helm uninstall + properties: + deletionPropagation: + description: DeletionPropagation + enum: + - orphan + - foreground + - background + type: string + keepHistory: + description: |- + When uninstall a chart with this flag, Helm removes the resources associated with the chart, + but it keeps the release information. This allows to see details about the uninstalled release + using the helm history command. + type: boolean + type: object + upgradeOptions: + description: HelmUpgradeOptions are options specific + to helm upgrade + properties: + cleanupOnFail: + default: false + description: CleanupOnFail will, if true, cause + the upgrade to delete newly-created resources + on a failed update. + type: boolean + force: + default: false + description: |- + Force will, if set to `true`, ignore certain warnings and perform the upgrade anyway. + This should be used with caution. + type: boolean + maxHistory: + default: 2 + description: |- + MaxHistory limits the maximum number of revisions saved per release + Default to 2 + type: integer + recreate: + default: false + description: Recreate will (if true) recreate pods + after a rollback. + type: boolean + resetThenReuseValues: + default: false + description: ResetThenReuseValues will reset the + values to the chart's built-ins then merge with + user's last supplied values. + type: boolean + resetValues: + default: false + description: ResetValues will reset the values to + the chart's built-ins rather than merging with + existing. + type: boolean + reuseValues: + default: false + description: |- + ReuseValues copies values from the current release to a new release if the + new release does not have any values. 
If the request already has values, + or if there are no values in the current release, this does nothing. + This is skipped if the ResetValues flag is set, in which case the + request values are not altered. + type: boolean + subNotes: + default: false + description: SubNotes determines whether sub-notes + are rendered in the chart. + type: boolean + type: object + wait: + default: false + description: |- + if set, will wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet + are in a ready state before marking the release as successful. It will wait for as long as --timeout + Default to false + type: boolean + waitForJobs: + default: false + description: |- + if set and --wait enabled, will wait until all Jobs have been completed before marking the release as successful. + It will wait for as long as --timeout + Default to false + type: boolean + type: object + releaseName: + description: ReleaseName is the chart release + minLength: 1 + type: string + releaseNamespace: + description: ReleaseNamespace is the namespace release will + be installed + minLength: 1 + type: string + repositoryName: + description: RepositoryName is the name helm chart repository + minLength: 1 + type: string + repositoryURL: + description: RepositoryURL is the URL helm chart repository + minLength: 1 + type: string + values: + description: |- + Values field allows to define configuration for the Helm release. + These values can be static or leverage Go templates for dynamic customization. + When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment (Cluster and TemplateResourceRefs) + type: string + valuesFrom: + description: |- + ValuesFrom can reference ConfigMap/Secret instances. Within the ConfigMap or Secret data, + it is possible to store configuration for the Helm release. + These values can be static or leverage Go templates for dynamic customization. 
+ When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment (Cluster and TemplateResourceRefs) + items: + properties: + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + enum: + - ConfigMap + - Secret + type: string + name: + description: |- + Name of the referenced resource. + Name can be expressed as a template and instantiate using + - cluster namespace: .Cluster.metadata.namespace + - cluster name: .Cluster.metadata.name + - cluster type: .Cluster.kind + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. + type: string + required: + - kind + - name + type: object + type: array + required: + - chartName + - chartVersion + - releaseName + - releaseNamespace + - repositoryName + - repositoryURL + type: object + type: array + kustomizationRefs: + description: |- + Kustomization refs is a list of kustomization paths. Kustomization will + be run on those paths and the outcome will be deployed. + items: + properties: + deploymentType: + default: Remote + description: |- + DeploymentType indicates whether resources need to be deployed + into the management cluster (local) or the managed cluster (remote) + enum: + - Local + - Remote + type: string + kind: + description: |- + Kind of the resource. Supported kinds are: + - flux GitRepository;OCIRepository;Bucket + - ConfigMap/Secret + enum: + - GitRepository + - OCIRepository + - Bucket + - ConfigMap + - Secret + type: string + name: + description: |- + Name of the referenced resource. 
+ Name can be expressed as a template and instantiate using + - cluster namespace: .Cluster.metadata.namespace + - cluster name: .Cluster.metadata.name + - cluster type: .Cluster.kind + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. + type: string + path: + description: |- + Path to the directory containing the kustomization.yaml file, or the + set of plain YAMLs a kustomization.yaml should be generated for. + Defaults to 'None', which translates to the root path of the SourceRef. + These values can be static or leverage Go templates for dynamic customization. + When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment (Cluster) + type: string + targetNamespace: + description: |- + TargetNamespace sets or overrides the namespace in the + kustomization.yaml file. + maxLength: 63 + minLength: 1 + type: string + values: + additionalProperties: + type: string + description: |- + Values is a map[string]string type that allows to define a set of key-value pairs. + These key-value pairs can optionally leverage Go templates for further processing. + With Sveltos, you can define key-value pairs where the values can be Go templates. + These templates have access to management cluster information during deployment. This allows + to do more than just replace placeholders. Variables can be used to dynamically + construct values based on other resources or variables within the Kustomize output. + For example, imagine you have a Region key with a template value like: + '{{ index .Cluster.metadata.labels "region" }}'. + This template retrieves the region label from the cluster instance metadata. 
+ Finally, Sveltos uses these processed values to fill placeholders in the Kustomize output. + The output itself can also contain templates, like: + region: '{{ default "west" .Region }}'. + This way, the final output from Kustomize will have the region set dynamically based on + the actual region retrieved earlier. + type: object + valuesFrom: + description: |- + ValuesFrom can reference ConfigMap/Secret instances. Within the ConfigMap or Secret data, + it is possible to define key-value pairs. These key-value pairs can optionally leverage + Go templates for further processing. + With Sveltos, you can define key-value pairs where the values can be Go templates. + These templates have access to management cluster information during deployment. This allows + to do more than just replace placeholders. Variables can be used to dynamically + construct values based on other resources or variables within the Kustomize output. + For example, imagine you have a Region key with a template value like: + '{{ index .Cluster.metadata.labels "region" }}'. + This template retrieves the region label from the cluster instance metadata. + Finally, Sveltos uses these processed values to fill placeholders in the Kustomize output. + The output itself can also contain templates, like: + region: '{{ default "west" .Region }}'. + This way, the final output from Kustomize will have the region set dynamically based on + the actual region retrieved earlier. + items: + properties: + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + enum: + - ConfigMap + - Secret + type: string + name: + description: |- + Name of the referenced resource. + Name can be expressed as a template and instantiate using + - cluster namespace: .Cluster.metadata.namespace + - cluster name: .Cluster.metadata.name + - cluster type: .Cluster.kind + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. 
+ For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. + type: string + required: + - kind + - name + type: object + type: array + required: + - kind + - name + - namespace + type: object + type: array + maxUpdate: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of clusters that can be updated concurrently. + Value can be an absolute number (ex: 5) or a percentage of desired cluster (ex: 10%). + Defaults to 100%. + Example: when this is set to 30%, when list of add-ons/applications in ClusterProfile + changes, only 30% of matching clusters will be updated in parallel. Only when updates + in those cluster succeed, other matching clusters are updated. + pattern: ^((100|[0-9]{1,2})%|[0-9]+)$ + x-kubernetes-int-or-string: true + patches: + description: |- + Define additional Kustomize inline Patches applied for all resources on this profile + Within the Patch Spec you can use templating + items: + description: |- + Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should + be applied to. + properties: + patch: + description: |- + Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with + an array of operation objects. + These values can be static or leverage Go templates for dynamic customization. + When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment (Cluster and TemplateResourceRefs) + type: string + target: + description: Target points to the resources that the patch + document should be applied to. + properties: + annotationSelector: + description: |- + AnnotationSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. 
+ type: string + group: + description: |- + Group is the API group to select resources from. + Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: |- + Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: |- + LabelSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: |- + Version of the API Group to select resources from. + Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + type: object + type: array + policyRefs: + description: |- + PolicyRefs references all the ConfigMaps/Secrets/Flux Sources containing kubernetes resources + that need to be deployed in the matching managed clusters. + The values contained in those resources can be static or leverage Go templates for dynamic customization. 
+ When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment (Cluster and TemplateResourceRefs) + items: + properties: + deploymentType: + default: Remote + description: |- + DeploymentType indicates whether resources need to be deployed + into the management cluster (local) or the managed cluster (remote) + enum: + - Local + - Remote + type: string + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + - flux GitRepository;OCIRepository;Bucket + enum: + - GitRepository + - OCIRepository + - Bucket + - ConfigMap + - Secret + type: string + name: + description: |- + Name of the referenced resource. + Name can be expressed as a template and instantiate using + - cluster namespace: .Cluster.metadata.namespace + - cluster name: .Cluster.metadata.name + - cluster type: .Cluster.kind + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. Profile namespace will be used. + type: string + path: + description: |- + Path to the directory containing the YAML files. + Defaults to 'None', which translates to the root path of the SourceRef. + Used only for GitRepository;OCIRepository;Bucket + type: string + required: + - kind + - name + type: object + type: array + reloader: + default: false + description: |- + Reloader indicates whether Deployment/StatefulSet/DaemonSet instances deployed + by Sveltos and part of this ClusterProfile need to be restarted via rolling upgrade + when a ConfigMap/Secret instance mounted as volume is modified. + When set to true, when any mounted ConfigMap/Secret is modified, Sveltos automatically + starts a rolling upgrade for Deployment/StatefulSet/DaemonSet instances mounting it. 
+ type: boolean + setRefs: + description: |- + SetRefs identifies referenced (cluster)Sets. + - ClusterProfile can reference ClusterSet; + - Profile can reference Set; + items: + type: string + type: array + stopMatchingBehavior: + default: WithdrawPolicies + description: |- + StopMatchingBehavior indicates what behavior should be when a Cluster stop matching + the ClusterProfile. By default all deployed Helm charts and Kubernetes resources will + be withdrawn from Cluster. Setting StopMatchingBehavior to LeavePolicies will instead + leave ClusterProfile deployed policies in the Cluster. + type: string + syncMode: + default: Continuous + description: |- + SyncMode specifies how features are synced in a matching workload cluster. + - OneTime means, first time a workload cluster matches the ClusterProfile, + features will be deployed in such cluster. Any subsequent feature configuration + change won't be applied into the matching workload clusters; + - Continuous means first time a workload cluster matches the ClusterProfile, + features will be deployed in such a cluster. Any subsequent feature configuration + change will be applied into the matching workload clusters. + - DryRun means no change will be propagated to any matching cluster. A report + instead will be generated summarizing what would happen in any matching cluster + because of the changes made to ClusterProfile while in DryRun mode. + enum: + - OneTime + - Continuous + - ContinuousWithDriftDetection + - DryRun + type: string + templateResourceRefs: + description: |- + TemplateResourceRefs is a list of resource to collect from the management cluster. + Those resources' values will be used to instantiate templates + items: + properties: + identifier: + description: |- + Identifier is how the resource will be referred to in the + template + type: string + resource: + description: |- + Resource references a Kubernetes instance in the management + cluster to fetch and use during template instantiation. 
+ For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + Name can be expressed as a template and instantiate using + - cluster namespace: .Cluster.metadata.namespace + - cluster name: .Cluster.metadata.name + - cluster type: .Cluster.kind + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - identifier + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - identifier + x-kubernetes-list-type: map + tier: + default: 100 + description: |- + Tier controls the order of deployment for ClusterProfile or Profile resources targeting + the same cluster resources. + Imagine two configurations (ClusterProfiles or Profiles) trying to deploy the same resource (a Kubernetes + resource or an helm chart). By default, the first one to reach the cluster "wins" and deploys it. + Tier allows you to override this. When conflicts arise, the ClusterProfile or Profile with the **lowest** + Tier value takes priority and deploys the resource. + Higher Tier values represent lower priority. The default Tier value is 100. + Using Tiers provides finer control over resource deployment within your cluster, particularly useful + when multiple configurations manage the same resources. + format: int32 + minimum: 1 + type: integer + validateHealths: + description: |- + ValidateHealths is a slice of Lua functions to run against + the managed cluster to validate the state of those add-ons/applications + is healthy + items: + properties: + featureID: + description: |- + FeatureID is an indentifier of the feature (Helm/Kustomize/Resources) + This field indicates when to run this check. + For instance: + - if set to Helm this check will be run after all helm + charts specified in the ClusterProfile are deployed. + - if set to Resources this check will be run after the content + of all the ConfigMaps/Secrets referenced by ClusterProfile in the + PolicyRef sections is deployed + enum: + - Resources + - Helm + - Kustomize + type: string + group: + description: Group of the resource to fetch in the managed + Cluster. + type: string + kind: + description: Kind of the resource to fetch in the managed + Cluster. 
+ minLength: 1 + type: string + labelFilters: + description: LabelFilters allows to filter resources based + on current labels. + items: + properties: + key: + description: Key is the label key + type: string + operation: + description: Operation is the comparison operation + enum: + - Equal + - Different + type: string + value: + description: Value is the label value + type: string + required: + - key + - operation + - value + type: object + type: array + name: + description: Name is the name of this check + type: string + namespace: + description: |- + Namespace of the resource to fetch in the managed Cluster. + Empty for resources scoped at cluster level. + type: string + script: + description: |- + Script is a text containing a lua script. + Must return struct with field "health" + representing whether object is a match (true or false) + type: string + version: + description: Version of the resource to fetch in the managed + Cluster. + type: string + required: + - featureID + - group + - kind + - name + - version + type: object + type: array + type: object + clusterType: + description: ClusterType is the type of Cluster + type: string + required: + - clusterName + - clusterNamespace + - clusterType + type: object + status: + description: ClusterSummaryStatus defines the observed state of ClusterSummary + properties: + dependencies: + description: |- + Dependencies is a summary reporting the status of the dependencies + for the associated ClusterProfile + type: string + deployedGVKs: + description: |- + DeployedGVKs reports the list of GVKs deployed by ClusterSummary + in a managed cluster + items: + properties: + deployedGroupVersionKind: + description: |- + DeployedGroupVersionKind contains all GroupVersionKinds deployed in either + the workload cluster or the management cluster because of this feature. 
+ Each element has format kind.version.group + items: + type: string + type: array + featureID: + description: FeatureID is an indentifier of the feature whose + status is reported + enum: + - Resources + - Helm + - Kustomize + type: string + required: + - featureID + type: object + type: array + x-kubernetes-list-map-keys: + - featureID + x-kubernetes-list-type: map + featureSummaries: + description: |- + FeatureSummaries reports the status of each workload cluster feature + directly managed by ClusterProfile. + items: + description: |- + FeatureSummary contains a summary of the state of a workload + cluster feature. + properties: + deployedGroupVersionKind: + description: |- + DeployedGroupVersionKind contains all GroupVersionKinds deployed in either + the workload cluster or the management cluster because of this feature. + Each element has format kind.version.group + Deprecated: Replaced by FeatureDeploymentInfo field instead + items: + type: string + type: array + failureMessage: + description: FailureMessage provides more information about + the error. + type: string + failureReason: + description: FailureReason indicates the type of error that + occurred. 
+ type: string + featureID: + description: FeatureID is an indentifier of the feature whose + status is reported + enum: + - Resources + - Helm + - Kustomize + type: string + hash: + description: |- + Hash represents of a unique value for a feature at a fixed point in + time + format: byte + type: string + lastAppliedTime: + description: LastAppliedTime is the time feature was last reconciled + format: date-time + type: string + status: + description: Status represents the state of the feature in the + workload cluster + enum: + - Provisioning + - Provisioned + - Failed + - FailedNonRetriable + - Removing + - Removed + type: string + required: + - featureID + type: object + type: array + x-kubernetes-list-map-keys: + - featureID + x-kubernetes-list-type: map + helmReleaseSummaries: + description: |- + HelmReleaseSummaries reports the status of each helm chart + directly managed by ClusterProfile. + items: + properties: + conflictMessage: + description: |- + Status indicates whether ClusterSummary can manage the helm + chart or there is a conflict + type: string + releaseName: + description: ReleaseName is the chart release + minLength: 1 + type: string + releaseNamespace: + description: ReleaseNamespace is the namespace release will + be installed + minLength: 1 + type: string + status: + description: |- + Status indicates whether ClusterSummary can manage the helm + chart or there is a conflict + enum: + - Managing + - Conflict + type: string + valuesHash: + description: ValuesHash represents of a unique value for the + values section + format: byte + type: string + required: + - releaseName + - releaseNamespace + - status + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/templates/projectsveltos/crds/debuggingconfiguration-crd.yaml b/templates/projectsveltos/crds/debuggingconfiguration-crd.yaml new file mode 100644 index 000000000..dbfda1802 
--- /dev/null +++ b/templates/projectsveltos/crds/debuggingconfiguration-crd.yaml 
@@ -0,0 +1,147 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: debuggingconfigurations.lib.projectsveltos.io +spec: + group: lib.projectsveltos.io + names: + kind: DebuggingConfiguration + listKind: DebuggingConfigurationList + plural: debuggingconfigurations + singular: debuggingconfiguration + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: DebuggingConfiguration is the Schema for the debuggingconfigurations + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DebuggingConfigurationSpec defines the desired state of DebuggingConfiguration + properties: + configuration: + description: Configuration contains debugging configuration as granular + as per component. + items: + description: ComponentConfiguration is the debugging configuration + to be applied to a Sveltos component. + properties: + component: + description: Component indicates which Sveltos component the + configuration applies to. 
+ enum: + - AddonManager + - Classifier + - ClassifierAgent + - SveltosClusterManager + - DriftDetectionManager + - AccessManager + - HealthCheckManager + - EventManager + - ShardController + - UIBackend + type: string + logLevel: + description: 'LogLevel is the log severity above which logs + are sent to the stdout. [Default: Info]' + enum: + - LogLevelNotSet + - LogLevelInfo + - LogLevelDebug + - LogLevelVerbose + type: string + required: + - component + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + served: true + storage: false + - name: v1beta1 + schema: + openAPIV3Schema: + description: DebuggingConfiguration is the Schema for the debuggingconfigurations + API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: DebuggingConfigurationSpec defines the desired state of DebuggingConfiguration + properties: + configuration: + description: Configuration contains debugging configuration as granular + as per component. + items: + description: ComponentConfiguration is the debugging configuration + to be applied to a Sveltos component. + properties: + component: + description: Component indicates which Sveltos component the + configuration applies to. 
+ enum: + - AddonManager + - Classifier + - ClassifierAgent + - SveltosClusterManager + - DriftDetectionManager + - AccessManager + - HealthCheckManager + - EventManager + - ShardController + - UIBackend + type: string + logLevel: + description: 'LogLevel is the log severity above which logs + are sent to the stdout. [Default: Info]' + enum: + - LogLevelNotSet + - LogLevelInfo + - LogLevelDebug + - LogLevelVerbose + type: string + required: + - component + type: object + type: array + x-kubernetes-list-type: atomic + type: object + type: object + served: true + storage: true diff --git a/templates/projectsveltos/crds/eventreport-crd.yaml b/templates/projectsveltos/crds/eventreport-crd.yaml new file mode 100644 index 000000000..df71caef4 --- /dev/null +++ b/templates/projectsveltos/crds/eventreport-crd.yaml 
@@ -0,0 +1,255 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: eventreports.lib.projectsveltos.io +spec: + group: lib.projectsveltos.io + names: + kind: EventReport + listKind: EventReportList + plural: eventreports + singular: eventreport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: EventReport is the Schema for the EventReport API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + clusterName: + description: |- + ClusterName is the name of the Cluster this EventReport + is for. + type: string + clusterNamespace: + description: |- + ClusterNamespace is the namespace of the Cluster this + EventReport is for. + type: string + clusterType: + description: |- + ClusterType is the type of Cluster this EventReport + is for. + type: string + eventSourceName: + description: |- + EventSourceName is the name of the EventSource instance this report + is for. + type: string + matchingResources: + description: MatchingResources contains a list of resources matching + an event + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. 
+ properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + resources: + description: |- + If EventSource Spec.CollectResources is set to true, all matching resources + will be collected and contained in the Resources field. 
+ format: byte + type: string + required: + - clusterName + - clusterNamespace + - clusterType + - eventSourceName + type: object + status: + description: EventReportStatus defines the observed state of EventReport + properties: + phase: + description: Phase represents the current phase of report. + enum: + - WaitingForDelivery + - Delivering + - Processed + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: EventReport is the Schema for the EventReport API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + clusterName: + description: |- + ClusterName is the name of the Cluster this EventReport + is for. + type: string + clusterNamespace: + description: |- + ClusterNamespace is the namespace of the Cluster this + EventReport is for. + type: string + clusterType: + description: |- + ClusterType is the type of Cluster this EventReport + is for. + type: string + eventSourceName: + description: |- + EventSourceName is the name of the EventSource instance this report + is for. 
+ type: string + matchingResources: + description: MatchingResources contains a list of resources matching + an event + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + resources: + description: |- + If EventSource Spec.CollectResources is set to true, all matching resources + will be collected and contained in the Resources field. + format: byte + type: string + required: + - clusterName + - clusterNamespace + - clusterType + - eventSourceName + type: object + status: + description: EventReportStatus defines the observed state of EventReport + properties: + phase: + description: Phase represents the current phase of report. + enum: + - WaitingForDelivery + - Delivering + - Processed + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/templates/projectsveltos/crds/eventsource-crd.yaml b/templates/projectsveltos/crds/eventsource-crd.yaml new file mode 100644 index 000000000..ea47892a8 --- /dev/null +++ b/templates/projectsveltos/crds/eventsource-crd.yaml 
@@ -0,0 +1,241 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: eventsources.lib.projectsveltos.io +spec: + group: lib.projectsveltos.io + names: + kind: EventSource + listKind: EventSourceList + plural: eventsources + singular: eventsource + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: EventSource is the Schema for the EventSource API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: EventSourceSpec defines the desired state of EventSource + properties: + aggregatedSelection: + description: |- + This field is optional and can be used to specify a Lua function + that will be used to further select a subset of the resources that + have already been selected using the ResourceSelector field. + The function will receive the array of resources selected by ResourceSelectors. + If this field is not specified, all resources selected by the ResourceSelector + field will be considered. + This field allows to perform more complex filtering or selection operations + on the resources, looking at all resources together. 
+ This can be useful for more sophisticated tasks, such as identifying resources + that are related to each other or that have similar properties. + The Lua function must return a struct with: + - "resources" field: slice of matching resorces; + - "message" field: (optional) message. + type: string + collectResources: + default: false + description: |- + CollectResources indicates whether matching resources need + to be collected and added to EventReport. + type: boolean + resourceSelectors: + description: ResourceSelectors identifies what resources to select + items: + description: ResourceSelector defines what resources are a match + properties: + evaluate: + description: |- + Evaluate contains a function "evaluate" in lua language. + The function will be passed one of the object selected based on + above criteria. + Must return struct with field "matching" representing whether + object is a match and an optional "message" field. + type: string + group: + description: Group of the resource deployed in the Cluster. + type: string + kind: + description: Kind of the resource deployed in the Cluster. + minLength: 1 + type: string + labelFilters: + description: LabelFilters allows to filter resources based on + current labels. + items: + properties: + key: + description: Key is the label key + type: string + operation: + description: Operation is the comparison operation + enum: + - Equal + - Different + type: string + value: + description: Value is the label value + type: string + required: + - key + - operation + - value + type: object + type: array + name: + description: Name of the resource deployed in the Cluster. + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + version: + description: Version of the resource deployed in the Cluster. 
+ type: string + required: + - group + - kind + - version + type: object + type: array + required: + - resourceSelectors + type: object + type: object + served: true + storage: false + - name: v1beta1 + schema: + openAPIV3Schema: + description: EventSource is the Schema for the EventSource API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: EventSourceSpec defines the desired state of EventSource + properties: + aggregatedSelection: + description: |- + This field is optional and can be used to specify a Lua function + that will be used to further select a subset of the resources that + have already been selected using the ResourceSelector field. + The function will receive the array of resources selected by ResourceSelectors. + If this field is not specified, all resources selected by the ResourceSelector + field will be considered. + This field allows to perform more complex filtering or selection operations + on the resources, looking at all resources together. + This can be useful for more sophisticated tasks, such as identifying resources + that are related to each other or that have similar properties. + The Lua function must return a struct with: + - "resources" field: slice of matching resorces; + - "message" field: (optional) message. 
+ type: string + collectResources: + default: false + description: |- + CollectResources indicates whether matching resources need + to be collected and added to EventReport. + type: boolean + resourceSelectors: + description: ResourceSelectors identifies what resources to select + items: + description: ResourceSelector defines what resources are a match + properties: + evaluate: + description: |- + Evaluate contains a function "evaluate" in lua language. + The function will be passed one of the object selected based on + above criteria. + Must return struct with field "matching" representing whether + object is a match and an optional "message" field. + type: string + group: + description: Group of the resource deployed in the Cluster. + type: string + kind: + description: Kind of the resource deployed in the Cluster. + minLength: 1 + type: string + labelFilters: + description: LabelFilters allows to filter resources based on + current labels. + items: + properties: + key: + description: Key is the label key + type: string + operation: + description: Operation is the comparison operation + enum: + - Equal + - Different + type: string + value: + description: Value is the label value + type: string + required: + - key + - operation + - value + type: object + type: array + name: + description: Name of the resource deployed in the Cluster. + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + version: + description: Version of the resource deployed in the Cluster. + type: string + required: + - group + - kind + - version + type: object + type: array + required: + - resourceSelectors + type: object + type: object + served: true + storage: true diff --git a/templates/projectsveltos/crds/eventtrigger-crd.yaml b/templates/projectsveltos/crds/eventtrigger-crd.yaml new file mode 100644 index 000000000..06c2a7038 --- /dev/null 
+++ b/templates/projectsveltos/crds/eventtrigger-crd.yaml 
@@ -0,0 +1,2135 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: projectsveltos/projectsveltos-serving-cert + controller-gen.kubebuilder.io/version: v0.16.2 + name: eventtriggers.lib.projectsveltos.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: webhook-service + namespace: projectsveltos + path: /convert + conversionReviewVersions: + - v1 + group: lib.projectsveltos.io + names: + kind: EventTrigger + listKind: EventTriggerList + plural: eventtriggers + singular: eventtrigger + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: EventTrigger is the Schema for the eventtriggers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: EventTriggerSpec defines the desired state of EventTrigger + properties: + clusterSetRefs: + description: SetRefs identifies referenced ClusterSets. Name of the + referenced ClusterSets. + items: + type: string + type: array + continueOnConflict: + default: false + description: |- + By default (when ContinueOnConflict is unset or set to false), Sveltos stops deployment after + encountering the first conflict (e.g., another ClusterProfile already deployed the resource). 
+ If set to true, Sveltos will attempt to deploy remaining resources in the ClusterProfile even + if conflicts are detected for previous resources. + type: boolean + destinationClusterSelector: + description: |- + DestinationClusterSelector identifies the cluster where add-ons will be deployed. + By default, this is nil and add-ons will be deployed in the very same cluster the + event happened. + If DestinationClusterSelector is set though, when an event happens in any of the + cluster identified by SourceClusterSelector, add-ons will be deployed in each of + the cluster indentified by DestinationClusterSelector. + type: string + eventSourceName: + description: |- + EventSourceName is the name of the referenced EventSource. + Resources contained in the referenced ConfigMaps/Secrets and HelmCharts + will be customized using information from resources matching the EventSource + in the managed cluster. + type: string + extraAnnotations: + additionalProperties: + type: string + description: |- + ExtraAnnotations: These annotations will be added by Sveltos to all Kubernetes resources + deployed in a managed cluster based on this ClusterProfile/Profile instance. + **Important:** If a resource deployed by Sveltos already has a annotation with a key present in + `ExtraAnnotations`, the value from `ExtraAnnotations` will override the existing value. + type: object + extraLabels: + additionalProperties: + type: string + description: |- + ExtraLabels: These labels will be added by Sveltos to all Kubernetes resources deployed in + a managed cluster based on this ClusterProfile/Profile instance. + **Important:** If a resource deployed by Sveltos already has a label with a key present in + `ExtraLabels`, the value from `ExtraLabels` will override the existing value. + type: object + helmCharts: + description: Helm charts to be deployed in the matching clusters based + on EventSource. 
+ items: + properties: + chartName: + description: ChartName is the chart name + minLength: 1 + type: string + chartVersion: + description: ChartVersion is the chart version + minLength: 1 + type: string + helmChartAction: + default: Install + description: HelmChartAction is the action that will be taken + on the helm chart + enum: + - Install + - Uninstall + type: string + options: + description: Options allows to set flags which are used during + installation. + properties: + atomic: + default: false + description: |- + if set, the installation process deletes the installation/upgrades on failure. + The --wait flag will be set automatically if --atomic is used + Default to false + type: boolean + dependencyUpdate: + default: false + description: |- + update dependencies if they are missing before installing the chart + Default to false + type: boolean + description: + description: Description is the description of an helm operation + type: string + disableHooks: + default: false + description: |- + prevent hooks from running during install/upgrade/uninstall + Default to false + type: boolean + disableOpenAPIValidation: + default: false + description: |- + if set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema + Default to false + type: boolean + enableClientCache: + default: false + description: EnableClientCache is a flag to enable Helm + client cache. If it is not specified, it will be set to + false. + type: boolean + installOptions: + description: HelmInstallOptions are options specific to + helm install + properties: + createNamespace: + default: true + description: Create the release namespace if not present. + Defaults to true + type: boolean + replace: + default: true + description: Replaces if set indicates to replace an + older release with this one + type: boolean + type: object + labels: + additionalProperties: + type: string + description: Labels that would be added to release metadata. 
+ type: object + skipCRDs: + default: false + description: |- + SkipCRDs controls whether CRDs should be installed during install/upgrade operation. + By default, CRDs are installed if not already present. + type: boolean + timeout: + description: time to wait for any individual Kubernetes + operation (like Jobs for hooks) (default 5m0s) + type: string + uninstallOptions: + description: HelmUninstallOptions are options specific to + helm uninstall + properties: + deletionPropagation: + description: DeletionPropagation + enum: + - orphan + - foreground + - background + type: string + keepHistory: + description: |- + When uninstall a chart with this flag, Helm removes the resources associated with the chart, + but it keeps the release information. This allows to see details about the uninstalled release + using the helm history command. + type: boolean + type: object + upgradeOptions: + description: HelmUpgradeOptions are options specific to + helm upgrade + properties: + cleanupOnFail: + default: false + description: CleanupOnFail will, if true, cause the + upgrade to delete newly-created resources on a failed + update. + type: boolean + force: + default: false + description: |- + Force will, if set to `true`, ignore certain warnings and perform the upgrade anyway. + This should be used with caution. + type: boolean + maxHistory: + default: 2 + description: |- + MaxHistory limits the maximum number of revisions saved per release + Default to 2 + type: integer + recreate: + default: false + description: Recreate will (if true) recreate pods after + a rollback. + type: boolean + resetThenReuseValues: + default: false + description: ResetThenReuseValues will reset the values + to the chart's built-ins then merge with user's last + supplied values. + type: boolean + resetValues: + default: false + description: ResetValues will reset the values to the + chart's built-ins rather than merging with existing. 
+ type: boolean + reuseValues: + default: false + description: |- + ReuseValues copies values from the current release to a new release if the + new release does not have any values. If the request already has values, + or if there are no values in the current release, this does nothing. + This is skipped if the ResetValues flag is set, in which case the + request values are not altered. + type: boolean + subNotes: + default: false + description: SubNotes determines whether sub-notes are + rendered in the chart. + type: boolean + type: object + wait: + default: false + description: |- + if set, will wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet + are in a ready state before marking the release as successful. It will wait for as long as --timeout + Default to false + type: boolean + waitForJobs: + default: false + description: |- + if set and --wait enabled, will wait until all Jobs have been completed before marking the release as successful. + It will wait for as long as --timeout + Default to false + type: boolean + type: object + releaseName: + description: ReleaseName is the chart release + minLength: 1 + type: string + releaseNamespace: + description: ReleaseNamespace is the namespace release will + be installed + minLength: 1 + type: string + repositoryName: + description: RepositoryName is the name helm chart repository + minLength: 1 + type: string + repositoryURL: + description: RepositoryURL is the URL helm chart repository + minLength: 1 + type: string + values: + description: |- + Values field allows to define configuration for the Helm release. + These values can be static or leverage Go templates for dynamic customization. + When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment. + type: string + valuesFrom: + description: |- + ValuesFrom can reference ConfigMap/Secret instances. 
Within the ConfigMap or Secret data, + it is possible to store configuration for the Helm release. + These values can be static or leverage Go templates for dynamic customization. + When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment. + items: + properties: + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + enum: + - ConfigMap + - Secret + type: string + name: + description: Name of the referenced resource. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. + type: string + required: + - kind + - name + - namespace + type: object + type: array + required: + - chartName + - chartVersion + - releaseName + - releaseNamespace + - repositoryName + - repositoryURL + type: object + type: array + kustomizationRefs: + description: Kustomization refs + items: + properties: + deploymentType: + default: Remote + description: |- + DeploymentType indicates whether resources need to be deployed + into the management cluster (local) or the managed cluster (remote) + enum: + - Local + - Remote + type: string + kind: + description: |- + Kind of the resource. Supported kinds are: + - flux GitRepository;OCIRepository;Bucket + - ConfigMap/Secret + enum: + - GitRepository + - OCIRepository + - Bucket + - ConfigMap + - Secret + type: string + name: + description: Name of the referenced resource. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. 
+ type: string + path: + description: |- + Path to the directory containing the kustomization.yaml file, or the + set of plain YAMLs a kustomization.yaml should be generated for. + Defaults to 'None', which translates to the root path of the SourceRef. + type: string + targetNamespace: + description: |- + TargetNamespace sets or overrides the namespace in the + kustomization.yaml file. + maxLength: 63 + minLength: 1 + type: string + values: + additionalProperties: + type: string + description: |- + Values is a map[string]string type that allows to define a set of key-value pairs. + These key-value pairs can optionally leverage Go templates for further processing. + With Sveltos, you can define key-value pairs where the values can be Go templates. + These templates have access to management cluster information during deployment. This allows + to do more than just replace placeholders. Variables can be used to dynamically + construct values based on other resources or variables within the Kustomize output. + For example, imagine you have a Region key with a template value like: + '{{ index .Cluster.metadata.labels "region" }}'. + This template retrieves the region label from the cluster instance metadata. + Finally, Sveltos uses these processed values to fill placeholders in the Kustomize output. + The output itself can also contain templates, like: + region: '{{ default "west" .Region }}'. + This way, the final output from Kustomize will have the region set dynamically based on + the actual region retrieved earlier. + type: object + valuesFrom: + description: |- + ValuesFrom can reference ConfigMap/Secret instances. Within the ConfigMap or Secret data, + it is possible to define key-value pairs. These key-value pairs can optionally leverage + Go templates for further processing. + With Sveltos, you can define key-value pairs where the values can be Go templates. + These templates have access to management cluster information during deployment. 
This allows + to do more than just replace placeholders. Variables can be used to dynamically + construct values based on other resources or variables within the Kustomize output. + For example, imagine you have a Region key with a template value like: + '{{ index .Cluster.metadata.labels "region" }}'. + This template retrieves the region label from the cluster instance metadata. + Finally, Sveltos uses these processed values to fill placeholders in the Kustomize output. + The output itself can also contain templates, like: + region: '{{ default "west" .Region }}'. + This way, the final output from Kustomize will have the region set dynamically based on + the actual region retrieved earlier. + items: + properties: + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + enum: + - ConfigMap + - Secret + type: string + name: + description: Name of the referenced resource. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. + type: string + required: + - kind + - name + - namespace + type: object + type: array + required: + - kind + - name + - namespace + type: object + type: array + maxUpdate: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of clusters that can be updated concurrently. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Defaults to 100%. + Example: when this is set to 30%, when list of add-ons/applications in ClusterProfile + changes, only 30% of matching clusters will be updated in parallel. Only when updates + in those cluster succeed, other matching clusters are updated. 
+ pattern: ^((100|[0-9]{1,2})%|[0-9]+)$ + x-kubernetes-int-or-string: true + oneForEvent: + description: |- + Multiple resources in a managed cluster can be a match for referenced + EventSource. OneForEvent indicates whether a ClusterProfile for all + resource (OneForEvent = false) or one per resource (OneForEvent = true) + needs to be creted. + type: boolean + policyRefs: + description: |- + PolicyRefs references all the ConfigMaps/Secrets containing kubernetes resources + that need to be deployed in the matching clusters based on EventSource. + items: + properties: + deploymentType: + default: Remote + description: |- + DeploymentType indicates whether resources need to be deployed + into the management cluster (local) or the managed cluster (remote) + enum: + - Local + - Remote + type: string + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + - flux GitRepository;OCIRepository;Bucket + enum: + - GitRepository + - OCIRepository + - Bucket + - ConfigMap + - Secret + type: string + name: + description: Name of the referenced resource. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. Profile namespace will be used. + type: string + path: + description: |- + Path to the directory containing the YAML files. + Defaults to 'None', which translates to the root path of the SourceRef. + Used only for GitRepository;OCIRepository;Bucket + type: string + required: + - kind + - name + type: object + type: array + reloader: + default: false + description: |- + Reloader indicates whether Deployment/StatefulSet/DaemonSet instances deployed + by Sveltos and part of this ClusterProfile need to be restarted via rolling upgrade + when a ConfigMap/Secret instance mounted as volume is modified. 
+ When set to true, when any mounted ConfigMap/Secret is modified, Sveltos automatically + starts a rolling upgrade for Deployment/StatefulSet/DaemonSet instances mounting it. + type: boolean + sourceClusterSelector: + description: |- + SourceClusterSelector identifies clusters to associate to. + This represents the set of clusters where Sveltos will watch for + events defined by referenced EventSource + type: string + stopMatchingBehavior: + default: WithdrawPolicies + description: |- + StopMatchingBehavior indicates what behavior should be when a Cluster stop matching + the ClusterProfile. By default all deployed Helm charts and Kubernetes resources will + be withdrawn from Cluster. Setting StopMatchingBehavior to LeavePolicies will instead + leave ClusterProfile deployed policies in the Cluster. + type: string + syncMode: + default: Continuous + description: |- + SyncMode specifies how features are synced in a matching workload cluster. + - OneTime means, first time a workload cluster matches the ClusterProfile, + features will be deployed in such cluster. Any subsequent feature configuration + change won't be applied into the matching workload clusters; + - Continuous means first time a workload cluster matches the ClusterProfile, + features will be deployed in such a cluster. Any subsequent feature configuration + change will be applied into the matching workload clusters. + - DryRun means no change will be propagated to any matching cluster. A report + instead will be generated summarizing what would happen in any matching cluster + because of the changes made to ClusterProfile while in DryRun mode. + enum: + - OneTime + - Continuous + - ContinuousWithDriftDetection + - DryRun + type: string + templateResourceRefs: + description: |- + TemplateResourceRefs is a list of resource to collect from the management cluster. 
+ Those resources' values will be used to instantiate templates contained in referenced + PolicyRefs and Helm charts + items: + properties: + identifier: + description: |- + Identifier is how the resource will be referred to in the + template + type: string + resource: + description: |- + Resource references a Kubernetes instance in the management + cluster to fetch and use during template instantiation. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - identifier + - resource + type: object + type: array + tier: + default: 100 + description: |- + Tier controls the order of deployment for ClusterProfile or Profile resources targeting + the same cluster resources. + Imagine two configurations (ClusterProfiles or Profiles) trying to deploy the same resource (a Kubernetes + resource or an helm chart). By default, the first one to reach the cluster "wins" and deploys it. + Tier allows you to override this. When conflicts arise, the ClusterProfile or Profile with the **lowest** + Tier value takes priority and deploys the resource. + Higher Tier values represent lower priority. The default Tier value is 100. + Using Tiers provides finer control over resource deployment within your cluster, particularly useful + when multiple configurations manage the same resources. + format: int32 + minimum: 1 + type: integer + validateHealths: + description: |- + ValidateHealths is a slice of Lua functions to run against + the managed cluster to validate the state of those add-ons/applications + is healthy + items: + properties: + featureID: + description: |- + FeatureID is an indentifier of the feature (Helm/Kustomize/Resources) + This field indicates when to run this check. + For instance: + - if set to Helm this check will be run after all helm + charts specified in the ClusterProfile are deployed. + - if set to Resources this check will be run after the content + of all the ConfigMaps/Secrets referenced by ClusterProfile in the + PolicyRef sections is deployed + enum: + - Resources + - Helm + - Kustomize + type: string + group: + description: Group of the resource to fetch in the managed Cluster. + type: string + kind: + description: Kind of the resource to fetch in the managed Cluster. 
+ minLength: 1 + type: string + labelFilters: + description: LabelFilters allows to filter resources based on + current labels. + items: + properties: + key: + description: Key is the label key + type: string + operation: + description: Operation is the comparison operation + enum: + - Equal + - Different + type: string + value: + description: Value is the label value + type: string + required: + - key + - operation + - value + type: object + type: array + name: + description: Name is the name of this check + type: string + namespace: + description: |- + Namespace of the resource to fetch in the managed Cluster. + Empty for resources scoped at cluster level. + type: string + script: + description: |- + Script is a text containing a lua script. + Must return struct with field "health" + representing whether object is a match (true or false) + type: string + version: + description: Version of the resource to fetch in the managed + Cluster. + type: string + required: + - featureID + - group + - kind + - name + - version + type: object + type: array + required: + - eventSourceName + - sourceClusterSelector + type: object + status: + description: EventTriggerStatus defines the observed state of EventTrigger + properties: + clusterInfo: + description: |- + ClusterInfo represent the deployment status in each managed + cluster. + items: + properties: + cluster: + description: Cluster references the Cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + failureMessage: + description: FailureMessage provides more information about + the error. 
+ type: string + hash: + description: |- + Hash represents the hash of the Classifier currently deployed + in the Cluster + format: byte + type: string + status: + description: Status represents the state of the feature in the + workload cluster + enum: + - Provisioning + - Provisioned + - Failed + - Removing + - Removed + type: string + required: + - cluster + - hash + type: object + type: array + destinationMatchingClusterRefs: + description: |- + DestinationMatchingClusterRefs reference all the cluster-api Cluster currently matching + ClusterProfile DestinationClusterSelector + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + matchingClusters: + description: |- + MatchingClusterRefs reference all the cluster-api Cluster currently matching + ClusterProfile SourceClusterSelector + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: EventTrigger is the Schema for the eventtriggers API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: EventTriggerSpec defines the desired state of EventTrigger + properties: + clusterSetRefs: + description: SetRefs identifies referenced ClusterSets. Name of the + referenced ClusterSets. + items: + type: string + type: array + configMapGenerator: + description: |- + The ConfigMapGenerator field references ConfigMaps containing templates. + These referenced ConfigMaps will be dynamically instantiated in the management cluster + based on event data. 
+ items: + properties: + name: + description: |- + Name of the referenced resource. + Name can be expressed as a template and instantiate using + - `.Cluster.metadata.namespace`: namespace of the managed cluster + - `.Cluster.metadata.name`: name of the managed cluster + - `.Cluster.kind`: kind of the managed cluster object + minLength: 1 + type: string + nameFormat: + description: |- + InstantiatedResourceNameFormat defines a template used to generate the name + of the resource created in the management cluster. The template can reference: + - `.Cluster.metadata.namespace`: namespace of the managed cluster + - `.Cluster.metadata.name`: name of the managed cluster + - `.Cluster.kind`: kind of the managed cluster object + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + Nnamespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + type: string + required: + - name + - nameFormat + type: object + type: array + continueOnConflict: + default: false + description: |- + By default (when ContinueOnConflict is unset or set to false), Sveltos stops deployment after + encountering the first conflict (e.g., another ClusterProfile already deployed the resource). + If set to true, Sveltos will attempt to deploy remaining resources in the ClusterProfile even + if conflicts are detected for previous resources. + This field will be directly transferred to the ClusterProfile Spec + generated in response to events. + type: boolean + destinationClusterSelector: + description: |- + DestinationClusterSelector identifies the cluster where add-ons will be deployed. + By default, this is nil and add-ons will be deployed in the very same cluster the + event happened. + If DestinationClusterSelector is set though, when an event happens in any of the + cluster identified by SourceClusterSelector, add-ons will be deployed in each of + the cluster indentified by DestinationClusterSelector. 
+ properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + driftExclusions: + description: |- + DriftExclusions is a list of configuration drift exclusions to be applied when syncMode is + set to ContinuousWithDriftDetection. Each exclusion specifies JSON6902 paths to ignore + when evaluating drift, optionally targeting specific resources and features. + This field will be directly transferred to the ClusterProfile Spec + generated in response to events. + items: + properties: + paths: + description: Paths is a slice of JSON6902 paths to exclude from + configuration drift evaluation. 
+ items: + type: string + type: array + target: + description: Target points to the resources that the paths refers + to. + properties: + annotationSelector: + description: |- + AnnotationSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: |- + Group is the API group to select resources from. + Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: |- + Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: |- + LabelSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: |- + Version of the API Group to select resources from. + Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - paths + type: object + type: array + eventSourceName: + description: |- + EventSourceName is the name of the referenced EventSource. 
+ Resources contained in the referenced ConfigMaps/Secrets and HelmCharts + will be customized using information from resources matching the EventSource + in the managed cluster. + Name can be expressed as a template and instantiate using: + - cluster namespace: .Cluster.metadata.namespace + - cluster name: .Cluster.metadata.name + - cluster type: .Cluster.kind + minLength: 1 + type: string + extraAnnotations: + additionalProperties: + type: string + description: |- + ExtraAnnotations: These annotations will be added by Sveltos to all Kubernetes resources + deployed in a managed cluster based on this ClusterProfile/Profile instance. + **Important:** If a resource deployed by Sveltos already has a annotation with a key present in + `ExtraAnnotations`, the value from `ExtraAnnotations` will override the existing value. + (Deprecated use Patches instead) + type: object + extraLabels: + additionalProperties: + type: string + description: |- + ExtraLabels: These labels will be added by Sveltos to all Kubernetes resources deployed in + a managed cluster based on this ClusterProfile/Profile instance. + **Important:** If a resource deployed by Sveltos already has a label with a key present in + `ExtraLabels`, the value from `ExtraLabels` will override the existing value. + (Deprecated use Patches instead) + type: object + helmCharts: + description: |- + Helm charts to be deployed in the matching clusters based on EventSource. + This field will be directly transferred to the ClusterProfile Spec + generated in response to events. 
+ items: + properties: + chartName: + description: ChartName is the chart name + minLength: 1 + type: string + chartVersion: + description: ChartVersion is the chart version + minLength: 1 + type: string + helmChartAction: + default: Install + description: HelmChartAction is the action that will be taken + on the helm chart + enum: + - Install + - Uninstall + type: string + options: + description: Options allows to set flags which are used during + installation. + properties: + atomic: + default: false + description: |- + if set, the installation process deletes the installation/upgrades on failure. + The --wait flag will be set automatically if --atomic is used + Default to false + type: boolean + dependencyUpdate: + default: false + description: |- + update dependencies if they are missing before installing the chart + Default to false + type: boolean + description: + description: Description is the description of an helm operation + type: string + disableHooks: + default: false + description: |- + prevent hooks from running during install/upgrade/uninstall + Default to false + type: boolean + disableOpenAPIValidation: + default: false + description: |- + if set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema + Default to false + type: boolean + enableClientCache: + default: false + description: EnableClientCache is a flag to enable Helm + client cache. If it is not specified, it will be set to + false. + type: boolean + installOptions: + description: HelmInstallOptions are options specific to + helm install + properties: + createNamespace: + default: true + description: Create the release namespace if not present. + Defaults to true + type: boolean + replace: + default: true + description: Replaces if set indicates to replace an + older release with this one + type: boolean + type: object + labels: + additionalProperties: + type: string + description: Labels that would be added to release metadata. 
+ type: object + skipCRDs: + default: false + description: |- + SkipCRDs controls whether CRDs should be installed during install/upgrade operation. + By default, CRDs are installed if not already present. + type: boolean + timeout: + description: time to wait for any individual Kubernetes + operation (like Jobs for hooks) (default 5m0s) + type: string + uninstallOptions: + description: HelmUninstallOptions are options specific to + helm uninstall + properties: + deletionPropagation: + description: DeletionPropagation + enum: + - orphan + - foreground + - background + type: string + keepHistory: + description: |- + When uninstall a chart with this flag, Helm removes the resources associated with the chart, + but it keeps the release information. This allows to see details about the uninstalled release + using the helm history command. + type: boolean + type: object + upgradeOptions: + description: HelmUpgradeOptions are options specific to + helm upgrade + properties: + cleanupOnFail: + default: false + description: CleanupOnFail will, if true, cause the + upgrade to delete newly-created resources on a failed + update. + type: boolean + force: + default: false + description: |- + Force will, if set to `true`, ignore certain warnings and perform the upgrade anyway. + This should be used with caution. + type: boolean + maxHistory: + default: 2 + description: |- + MaxHistory limits the maximum number of revisions saved per release + Default to 2 + type: integer + recreate: + default: false + description: Recreate will (if true) recreate pods after + a rollback. + type: boolean + resetThenReuseValues: + default: false + description: ResetThenReuseValues will reset the values + to the chart's built-ins then merge with user's last + supplied values. + type: boolean + resetValues: + default: false + description: ResetValues will reset the values to the + chart's built-ins rather than merging with existing. 
+ type: boolean + reuseValues: + default: false + description: |- + ReuseValues copies values from the current release to a new release if the + new release does not have any values. If the request already has values, + or if there are no values in the current release, this does nothing. + This is skipped if the ResetValues flag is set, in which case the + request values are not altered. + type: boolean + subNotes: + default: false + description: SubNotes determines whether sub-notes are + rendered in the chart. + type: boolean + type: object + wait: + default: false + description: |- + if set, will wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet + are in a ready state before marking the release as successful. It will wait for as long as --timeout + Default to false + type: boolean + waitForJobs: + default: false + description: |- + if set and --wait enabled, will wait until all Jobs have been completed before marking the release as successful. + It will wait for as long as --timeout + Default to false + type: boolean + type: object + releaseName: + description: ReleaseName is the chart release + minLength: 1 + type: string + releaseNamespace: + description: ReleaseNamespace is the namespace release will + be installed + minLength: 1 + type: string + repositoryName: + description: RepositoryName is the name helm chart repository + minLength: 1 + type: string + repositoryURL: + description: RepositoryURL is the URL helm chart repository + minLength: 1 + type: string + values: + description: |- + Values field allows to define configuration for the Helm release. + These values can be static or leverage Go templates for dynamic customization. 
+ When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment (Cluster and TemplateResourceRefs) + type: string + valuesFrom: + description: |- + ValuesFrom can reference ConfigMap/Secret instances. Within the ConfigMap or Secret data, + it is possible to store configuration for the Helm release. + These values can be static or leverage Go templates for dynamic customization. + When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment (Cluster and TemplateResourceRefs) + items: + properties: + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + enum: + - ConfigMap + - Secret + type: string + name: + description: |- + Name of the referenced resource. + Name can be expressed as a template and instantiate using + - cluster namespace: .Cluster.metadata.namespace + - cluster name: .Cluster.metadata.name + - cluster type: .Cluster.kind + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. + type: string + required: + - kind + - name + type: object + type: array + required: + - chartName + - chartVersion + - releaseName + - releaseNamespace + - repositoryName + - repositoryURL + type: object + type: array + kustomizationRefs: + description: |- + Kustomization refs + This field will be directly transferred to the ClusterProfile Spec + generated in response to events. 
+ items: + properties: + deploymentType: + default: Remote + description: |- + DeploymentType indicates whether resources need to be deployed + into the management cluster (local) or the managed cluster (remote) + enum: + - Local + - Remote + type: string + kind: + description: |- + Kind of the resource. Supported kinds are: + - flux GitRepository;OCIRepository;Bucket + - ConfigMap/Secret + enum: + - GitRepository + - OCIRepository + - Bucket + - ConfigMap + - Secret + type: string + name: + description: |- + Name of the referenced resource. + Name can be expressed as a template and instantiate using + - cluster namespace: .Cluster.metadata.namespace + - cluster name: .Cluster.metadata.name + - cluster type: .Cluster.kind + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. + type: string + path: + description: |- + Path to the directory containing the kustomization.yaml file, or the + set of plain YAMLs a kustomization.yaml should be generated for. + Defaults to 'None', which translates to the root path of the SourceRef. + These values can be static or leverage Go templates for dynamic customization. + When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment (Cluster) + type: string + targetNamespace: + description: |- + TargetNamespace sets or overrides the namespace in the + kustomization.yaml file. + maxLength: 63 + minLength: 1 + type: string + values: + additionalProperties: + type: string + description: |- + Values is a map[string]string type that allows to define a set of key-value pairs. + These key-value pairs can optionally leverage Go templates for further processing. 
+ With Sveltos, you can define key-value pairs where the values can be Go templates. + These templates have access to management cluster information during deployment. This allows + to do more than just replace placeholders. Variables can be used to dynamically + construct values based on other resources or variables within the Kustomize output. + For example, imagine you have a Region key with a template value like: + '{{ index .Cluster.metadata.labels "region" }}'. + This template retrieves the region label from the cluster instance metadata. + Finally, Sveltos uses these processed values to fill placeholders in the Kustomize output. + The output itself can also contain templates, like: + region: '{{ default "west" .Region }}'. + This way, the final output from Kustomize will have the region set dynamically based on + the actual region retrieved earlier. + type: object + valuesFrom: + description: |- + ValuesFrom can reference ConfigMap/Secret instances. Within the ConfigMap or Secret data, + it is possible to define key-value pairs. These key-value pairs can optionally leverage + Go templates for further processing. + With Sveltos, you can define key-value pairs where the values can be Go templates. + These templates have access to management cluster information during deployment. This allows + to do more than just replace placeholders. Variables can be used to dynamically + construct values based on other resources or variables within the Kustomize output. + For example, imagine you have a Region key with a template value like: + '{{ index .Cluster.metadata.labels "region" }}'. + This template retrieves the region label from the cluster instance metadata. + Finally, Sveltos uses these processed values to fill placeholders in the Kustomize output. + The output itself can also contain templates, like: + region: '{{ default "west" .Region }}'. 
+ This way, the final output from Kustomize will have the region set dynamically based on + the actual region retrieved earlier. + items: + properties: + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + enum: + - ConfigMap + - Secret + type: string + name: + description: |- + Name of the referenced resource. + Name can be expressed as a template and instantiate using + - cluster namespace: .Cluster.metadata.namespace + - cluster name: .Cluster.metadata.name + - cluster type: .Cluster.kind + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. + type: string + required: + - kind + - name + type: object + type: array + required: + - kind + - name + - namespace + type: object + type: array + maxUpdate: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of clusters that can be updated concurrently. + Value can be an absolute number (ex: 5) or a percentage of desired pods (ex: 10%). + Defaults to 100%. + Example: when this is set to 30%, when list of add-ons/applications in ClusterProfile + changes, only 30% of matching clusters will be updated in parallel. Only when updates + in those cluster succeed, other matching clusters are updated. + This field will be directly transferred to the ClusterProfile Spec + generated in response to events. + pattern: ^((100|[0-9]{1,2})%|[0-9]+)$ + x-kubernetes-int-or-string: true + oneForEvent: + description: |- + Multiple resources in a managed cluster can be a match for referenced + EventSource. OneForEvent indicates whether a ClusterProfile for all + resource (OneForEvent = false) or one per resource (OneForEvent = true) + needs to be creted. 
+ type: boolean + patches: + description: |- + Define additional Kustomize inline Patches applied for all resources on this profile + Within the Patch Spec you can use templating + This field will be directly transferred to the ClusterProfile Spec + generated in response to events. + items: + description: |- + Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should + be applied to. + properties: + patch: + description: |- + Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with + an array of operation objects. + These values can be static or leverage Go templates for dynamic customization. + When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment (Cluster and TemplateResourceRefs) + type: string + target: + description: Target points to the resources that the patch document + should be applied to. + properties: + annotationSelector: + description: |- + AnnotationSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: |- + Group is the API group to select resources from. + Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: |- + Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. 
+ https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: |- + LabelSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: |- + Version of the API Group to select resources from. + Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + type: object + type: array + policyRefs: + description: |- + PolicyRefs references all the ConfigMaps/Secrets containing kubernetes resources + that need to be deployed in the matching clusters based on EventSource. + This field will be directly transferred to the ClusterProfile Spec + generated in response to events. + items: + properties: + deploymentType: + default: Remote + description: |- + DeploymentType indicates whether resources need to be deployed + into the management cluster (local) or the managed cluster (remote) + enum: + - Local + - Remote + type: string + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + - flux GitRepository;OCIRepository;Bucket + enum: + - GitRepository + - OCIRepository + - Bucket + - ConfigMap + - Secret + type: string + name: + description: |- + Name of the referenced resource. 
+ Name can be expressed as a template and instantiate using + - cluster namespace: .Cluster.metadata.namespace + - cluster name: .Cluster.metadata.name + - cluster type: .Cluster.kind + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. Profile namespace will be used. + type: string + path: + description: |- + Path to the directory containing the YAML files. + Defaults to 'None', which translates to the root path of the SourceRef. + Used only for GitRepository;OCIRepository;Bucket + type: string + required: + - kind + - name + type: object + type: array + reloader: + default: false + description: |- + Reloader indicates whether Deployment/StatefulSet/DaemonSet instances deployed + by Sveltos and part of this ClusterProfile need to be restarted via rolling upgrade + when a ConfigMap/Secret instance mounted as volume is modified. + When set to true, when any mounted ConfigMap/Secret is modified, Sveltos automatically + starts a rolling upgrade for Deployment/StatefulSet/DaemonSet instances mounting it. + This field will be directly transferred to the ClusterProfile Spec + generated in response to events. + type: boolean + secretGenerator: + description: |- + The SecretGenerator field references Secrets containing templates. + These referenced Secret will be dynamically instantiated in the management cluster + based on event data. + items: + properties: + name: + description: |- + Name of the referenced resource. 
+ Name can be expressed as a template and instantiate using + - `.Cluster.metadata.namespace`: namespace of the managed cluster + - `.Cluster.metadata.name`: name of the managed cluster + - `.Cluster.kind`: kind of the managed cluster object + minLength: 1 + type: string + nameFormat: + description: |- + InstantiatedResourceNameFormat defines a template used to generate the name + of the resource created in the management cluster. The template can reference: + - `.Cluster.metadata.namespace`: namespace of the managed cluster + - `.Cluster.metadata.name`: name of the managed cluster + - `.Cluster.kind`: kind of the managed cluster object + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + Nnamespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + type: string + required: + - name + - nameFormat + type: object + type: array + sourceClusterSelector: + description: |- + SourceClusterSelector identifies clusters to associate to. + This represents the set of clusters where Sveltos will watch for + events defined by referenced EventSource + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + stopMatchingBehavior: + default: WithdrawPolicies + description: |- + StopMatchingBehavior indicates what behavior should be when a Cluster stop matching + the ClusterProfile. By default all deployed Helm charts and Kubernetes resources will + be withdrawn from Cluster. Setting StopMatchingBehavior to LeavePolicies will instead + leave ClusterProfile deployed policies in the Cluster. + This field will be directly transferred to the ClusterProfile Spec + generated in response to events. + type: string + syncMode: + default: Continuous + description: |- + SyncMode specifies how features are synced in a matching workload cluster. + - OneTime means, first time a workload cluster matches the ClusterProfile, + features will be deployed in such cluster. Any subsequent feature configuration + change won't be applied into the matching workload clusters; + - Continuous means first time a workload cluster matches the ClusterProfile, + features will be deployed in such a cluster. Any subsequent feature configuration + change will be applied into the matching workload clusters. + - DryRun means no change will be propagated to any matching cluster. A report + instead will be generated summarizing what would happen in any matching cluster + because of the changes made to ClusterProfile while in DryRun mode. + This field will be directly transferred to the ClusterProfile Spec + generated in response to events. 
+ enum: + - OneTime + - Continuous + - ContinuousWithDriftDetection + - DryRun + type: string + templateResourceRefs: + description: |- + TemplateResourceRefs is a list of resource to collect from the management cluster. + Those resources' values will be used to instantiate templates contained in referenced + PolicyRefs and Helm charts + This field will be directly transferred to the ClusterProfile Spec + generated in response to events. + items: + properties: + identifier: + description: |- + Identifier is how the resource will be referred to in the + template + type: string + resource: + description: |- + Resource references a Kubernetes instance in the management + cluster to fetch and use during template instantiation. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + Name can be expressed as a template and instantiate using + - cluster namespace: .Cluster.metadata.namespace + - cluster name: .Cluster.metadata.name + - cluster type: .Cluster.kind + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - identifier + - resource + type: object + type: array + tier: + default: 100 + description: |- + Tier controls the order of deployment for ClusterProfile or Profile resources targeting + the same cluster resources. + Imagine two configurations (ClusterProfiles or Profiles) trying to deploy the same resource (a Kubernetes + resource or an helm chart). By default, the first one to reach the cluster "wins" and deploys it. + Tier allows you to override this. When conflicts arise, the ClusterProfile or Profile with the **lowest** + Tier value takes priority and deploys the resource. + Higher Tier values represent lower priority. The default Tier value is 100. + Using Tiers provides finer control over resource deployment within your cluster, particularly useful + when multiple configurations manage the same resources. + This field will be directly transferred to the ClusterProfile Spec + generated in response to events. 
+ format: int32 + minimum: 1 + type: integer + validateHealths: + description: |- + ValidateHealths is a slice of Lua functions to run against + the managed cluster to validate the state of those add-ons/applications + is healthy + This field will be directly transferred to the ClusterProfile Spec + generated in response to events. + items: + properties: + featureID: + description: |- + FeatureID is an indentifier of the feature (Helm/Kustomize/Resources) + This field indicates when to run this check. + For instance: + - if set to Helm this check will be run after all helm + charts specified in the ClusterProfile are deployed. + - if set to Resources this check will be run after the content + of all the ConfigMaps/Secrets referenced by ClusterProfile in the + PolicyRef sections is deployed + enum: + - Resources + - Helm + - Kustomize + type: string + group: + description: Group of the resource to fetch in the managed Cluster. + type: string + kind: + description: Kind of the resource to fetch in the managed Cluster. + minLength: 1 + type: string + labelFilters: + description: LabelFilters allows to filter resources based on + current labels. + items: + properties: + key: + description: Key is the label key + type: string + operation: + description: Operation is the comparison operation + enum: + - Equal + - Different + type: string + value: + description: Value is the label value + type: string + required: + - key + - operation + - value + type: object + type: array + name: + description: Name is the name of this check + type: string + namespace: + description: |- + Namespace of the resource to fetch in the managed Cluster. + Empty for resources scoped at cluster level. + type: string + script: + description: |- + Script is a text containing a lua script. + Must return struct with field "health" + representing whether object is a match (true or false) + type: string + version: + description: Version of the resource to fetch in the managed + Cluster. 
+ type: string + required: + - featureID + - group + - kind + - name + - version + type: object + type: array + required: + - eventSourceName + - sourceClusterSelector + type: object + status: + description: EventTriggerStatus defines the observed state of EventTrigger + properties: + clusterInfo: + description: |- + ClusterInfo represent the deployment status in each managed + cluster. + items: + properties: + cluster: + description: Cluster references the Cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + failureMessage: + description: FailureMessage provides more information about + the error. + type: string + hash: + description: |- + Hash represents the hash of the Classifier currently deployed + in the Cluster + format: byte + type: string + status: + description: Status represents the state of the feature in the + workload cluster + enum: + - Provisioning + - Provisioned + - Failed + - Removing + - Removed + type: string + required: + - cluster + - hash + type: object + type: array + destinationMatchingClusterRefs: + description: |- + DestinationMatchingClusterRefs reference all the cluster-api Cluster currently matching + ClusterProfile DestinationClusterSelector + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + matchingClusters: + description: |- + MatchingClusterRefs reference all the cluster-api Cluster currently matching + ClusterProfile SourceClusterSelector + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/templates/projectsveltos/crds/healthcheck-crd.yaml b/templates/projectsveltos/crds/healthcheck-crd.yaml new file mode 100644 index 000000000..11fd9b7dd --- /dev/null +++ b/templates/projectsveltos/crds/healthcheck-crd.yaml 
@@ -0,0 +1,237 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: healthchecks.lib.projectsveltos.io +spec: + group: lib.projectsveltos.io + names: + kind: HealthCheck + listKind: HealthCheckList + plural: healthchecks + singular: healthcheck + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: HealthCheck is the Schema for the HealthCheck API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: HealthCheckSpec defines the desired state of HealthCheck + properties: + collectResources: + default: false + description: |- + CollectResources indicates whether matching resources need + to be collected and added to HealthReport. + type: boolean + evaluateHealth: + description: |- + The EvaluateHealth field specifies a Lua function responsible for evaluating the + health of the resources selected by resourceSelectors. + This function can assess the health of each resource independently or consider inter-resource relationships. + The function must be named *evaluate* and can access all objects identified by resourceSelectors using + the *resources* variable. 
It should return an array of structured instances, each containing the following fields: + - resource: The resource being evaluated + - healthStatus: The health status of the resource, which can be one of "Healthy", "Progressing", "Degraded", or "Suspended" + - message: An optional message providing additional information about the health status + minLength: 1 + type: string + resourceSelectors: + description: ResourceSelectors identifies what resources to select + to evaluate health + items: + description: ResourceSelector defines what resources are a match + properties: + evaluate: + description: |- + Evaluate contains a function "evaluate" in lua language. + The function will be passed one of the object selected based on + above criteria. + Must return struct with field "matching" representing whether + object is a match and an optional "message" field. + type: string + group: + description: Group of the resource deployed in the Cluster. + type: string + kind: + description: Kind of the resource deployed in the Cluster. + minLength: 1 + type: string + labelFilters: + description: LabelFilters allows to filter resources based on + current labels. + items: + properties: + key: + description: Key is the label key + type: string + operation: + description: Operation is the comparison operation + enum: + - Equal + - Different + type: string + value: + description: Value is the label value + type: string + required: + - key + - operation + - value + type: object + type: array + name: + description: Name of the resource deployed in the Cluster. + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + version: + description: Version of the resource deployed in the Cluster. 
+ type: string + required: + - group + - kind + - version + type: object + type: array + required: + - evaluateHealth + - resourceSelectors + type: object + type: object + served: true + storage: false + - name: v1beta1 + schema: + openAPIV3Schema: + description: HealthCheck is the Schema for the HealthCheck API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: HealthCheckSpec defines the desired state of HealthCheck + properties: + collectResources: + default: false + description: |- + CollectResources indicates whether matching resources need + to be collected and added to HealthReport. + type: boolean + evaluateHealth: + description: |- + The EvaluateHealth field specifies a Lua function responsible for evaluating the + health of the resources selected by resourceSelectors. + This function can assess the health of each resource independently or consider inter-resource relationships. + The function must be named *evaluate* and can access all objects identified by resourceSelectors using + the *resources* variable. 
It should return an array of structured instances, each containing the following fields: + - resource: The resource being evaluated + - healthStatus: The health status of the resource, which can be one of "Healthy", "Progressing", "Degraded", or "Suspended" + - message: An optional message providing additional information about the health status + minLength: 1 + type: string + resourceSelectors: + description: ResourceSelectors identifies what resources to select + to evaluate health + items: + description: ResourceSelector defines what resources are a match + properties: + evaluate: + description: |- + Evaluate contains a function "evaluate" in lua language. + The function will be passed one of the object selected based on + above criteria. + Must return struct with field "matching" representing whether + object is a match and an optional "message" field. + type: string + group: + description: Group of the resource deployed in the Cluster. + type: string + kind: + description: Kind of the resource deployed in the Cluster. + minLength: 1 + type: string + labelFilters: + description: LabelFilters allows to filter resources based on + current labels. + items: + properties: + key: + description: Key is the label key + type: string + operation: + description: Operation is the comparison operation + enum: + - Equal + - Different + type: string + value: + description: Value is the label value + type: string + required: + - key + - operation + - value + type: object + type: array + name: + description: Name of the resource deployed in the Cluster. + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + version: + description: Version of the resource deployed in the Cluster. 
+ type: string + required: + - group + - kind + - version + type: object + type: array + required: + - evaluateHealth + - resourceSelectors + type: object + type: object + served: true + storage: true diff --git a/templates/projectsveltos/crds/healthcheckreport-crd.yaml b/templates/projectsveltos/crds/healthcheckreport-crd.yaml new file mode 100644 index 000000000..5bcfc1acf --- /dev/null +++ b/templates/projectsveltos/crds/healthcheckreport-crd.yaml 
@@ -0,0 +1,287 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: healthcheckreports.lib.projectsveltos.io +spec: + group: lib.projectsveltos.io + names: + kind: HealthCheckReport + listKind: HealthCheckReportList + plural: healthcheckreports + singular: healthcheckreport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: HealthCheckReport is the Schema for the HealthCheckReport API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + clusterName: + description: |- + ClusterName is the name of the Cluster this HealthCheckReport + is for. + type: string + clusterNamespace: + description: |- + ClusterNamespace is the namespace of the Cluster this + HealthCheckReport is for. + type: string + clusterType: + description: |- + ClusterType is the type of Cluster this HealthCheckReport + is for. + type: string + healthCheckName: + description: |- + HealthName is the name of the HealthCheck instance this report + is for. 
+ type: string + resourceStatuses: + description: ResourceStatuses contains a list of resources with their + status + items: + properties: + healthStatus: + description: HealthStatus is the health status of the object + enum: + - Healthy + - Progressing + - Degraded + - Suspended + type: string + message: + description: Message is an extra message for human consumption + type: string + objectRef: + description: ObjectRef for which status is reported + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + resource: + description: |- + If HealthCheck Spec.CollectResources is set to true, resource + will be collected and contained in the Resource field. + format: byte + type: string + required: + - healthStatus + - objectRef + type: object + type: array + required: + - clusterName + - clusterNamespace + - clusterType + - healthCheckName + type: object + status: + description: HealthCheckReportStatus defines the observed state of HealthCheckReport + properties: + phase: + description: Phase represents the current phase of report. + enum: + - WaitingForDelivery + - Delivering + - Processed + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: HealthCheckReport is the Schema for the HealthCheckReport API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + clusterName: + description: |- + ClusterName is the name of the Cluster this HealthCheckReport + is for. + type: string + clusterNamespace: + description: |- + ClusterNamespace is the namespace of the Cluster this + HealthCheckReport is for. 
+ type: string + clusterType: + description: |- + ClusterType is the type of Cluster this HealthCheckReport + is for. + type: string + healthCheckName: + description: |- + HealthName is the name of the HealthCheck instance this report + is for. + type: string + resourceStatuses: + description: ResourceStatuses contains a list of resources with their + status + items: + properties: + healthStatus: + description: HealthStatus is the health status of the object + enum: + - Healthy + - Progressing + - Degraded + - Suspended + type: string + message: + description: Message is an extra message for human consumption + type: string + objectRef: + description: ObjectRef for which status is reported + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + resource: + description: |- + If HealthCheck Spec.CollectResources is set to true, resource + will be collected and contained in the Resource field. + format: byte + type: string + required: + - healthStatus + - objectRef + type: object + type: array + required: + - clusterName + - clusterNamespace + - clusterType + - healthCheckName + type: object + status: + description: HealthCheckReportStatus defines the observed state of HealthCheckReport + properties: + phase: + description: Phase represents the current phase of report. + enum: + - WaitingForDelivery + - Delivering + - Processed + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/templates/projectsveltos/crds/profile-crd.yaml b/templates/projectsveltos/crds/profile-crd.yaml new file mode 100644 index 000000000..9f8b7882e --- /dev/null +++ b/templates/projectsveltos/crds/profile-crd.yaml 
@@ -0,0 +1,2060 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: projectsveltos/projectsveltos-serving-cert + controller-gen.kubebuilder.io/version: v0.16.2 + name: profiles.config.projectsveltos.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: webhook-service + namespace: projectsveltos + path: /convert + conversionReviewVersions: + - v1 + group: config.projectsveltos.io + names: + kind: Profile + listKind: ProfileList + plural: profiles + singular: profile + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Profile is the Schema for the profiles API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + clusterRefs: + description: ClusterRefs identifies clusters to associate to. + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + clusterSelector: + description: ClusterSelector identifies clusters to associate to. + type: string + continueOnConflict: + default: false + description: |- + By default (when ContinueOnConflict is unset or set to false), Sveltos stops deployment after + encountering the first conflict (e.g., another ClusterProfile already deployed the resource). + If set to true, Sveltos will attempt to deploy remaining resources in the ClusterProfile even + if conflicts are detected for previous resources. 
+ type: boolean + dependsOn: + description: |- + DependsOn specifies a list of other ClusterProfiles that this instance depends on. + In any managed cluster that matches this ClusterProfile, the add-ons and applications + defined in this instance will not be deployed until all add-ons and applications in the + ClusterProfiles listed as dependencies are deployed. + items: + type: string + type: array + extraAnnotations: + additionalProperties: + type: string + description: |- + ExtraAnnotations: These annotations will be added by Sveltos to all Kubernetes resources + deployed in a managed cluster based on this ClusterProfile/Profile instance. + **Important:** If a resource deployed by Sveltos already has a annotation with a key present in + `ExtraAnnotations`, the value from `ExtraAnnotations` will override the existing value. + type: object + extraLabels: + additionalProperties: + type: string + description: |- + ExtraLabels: These labels will be added by Sveltos to all Kubernetes resources deployed in + a managed cluster based on this ClusterProfile/Profile instance. + **Important:** If a resource deployed by Sveltos already has a label with a key present in + `ExtraLabels`, the value from `ExtraLabels` will override the existing value. + type: object + helmCharts: + description: Helm charts is a list of helm charts that need to be + deployed + items: + properties: + chartName: + description: ChartName is the chart name + minLength: 1 + type: string + chartVersion: + description: ChartVersion is the chart version + minLength: 1 + type: string + helmChartAction: + default: Install + description: HelmChartAction is the action that will be taken + on the helm chart + enum: + - Install + - Uninstall + type: string + options: + description: Options allows to set flags which are used during + installation. + properties: + atomic: + default: false + description: |- + if set, the installation process deletes the installation/upgrades on failure. 
+ The --wait flag will be set automatically if --atomic is used + Default to false + type: boolean + dependencyUpdate: + default: false + description: |- + update dependencies if they are missing before installing the chart + Default to false + type: boolean + description: + description: Description is the description of an helm operation + type: string + disableHooks: + default: false + description: |- + prevent hooks from running during install/upgrade/uninstall + Default to false + type: boolean + disableOpenAPIValidation: + default: false + description: |- + if set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema + Default to false + type: boolean + enableClientCache: + default: false + description: EnableClientCache is a flag to enable Helm + client cache. If it is not specified, it will be set to + false. + type: boolean + installOptions: + description: HelmInstallOptions are options specific to + helm install + properties: + createNamespace: + default: true + description: Create the release namespace if not present. + Defaults to true + type: boolean + replace: + default: true + description: Replaces if set indicates to replace an + older release with this one + type: boolean + type: object + labels: + additionalProperties: + type: string + description: Labels that would be added to release metadata. + type: object + skipCRDs: + default: false + description: |- + SkipCRDs controls whether CRDs should be installed during install/upgrade operation. + By default, CRDs are installed if not already present. 
+ type: boolean + timeout: + description: time to wait for any individual Kubernetes + operation (like Jobs for hooks) (default 5m0s) + type: string + uninstallOptions: + description: HelmUninstallOptions are options specific to + helm uninstall + properties: + deletionPropagation: + description: DeletionPropagation + enum: + - orphan + - foreground + - background + type: string + keepHistory: + description: |- + When uninstall a chart with this flag, Helm removes the resources associated with the chart, + but it keeps the release information. This allows to see details about the uninstalled release + using the helm history command. + type: boolean + type: object + upgradeOptions: + description: HelmUpgradeOptions are options specific to + helm upgrade + properties: + cleanupOnFail: + default: false + description: CleanupOnFail will, if true, cause the + upgrade to delete newly-created resources on a failed + update. + type: boolean + force: + default: false + description: |- + Force will, if set to `true`, ignore certain warnings and perform the upgrade anyway. + This should be used with caution. + type: boolean + maxHistory: + default: 2 + description: |- + MaxHistory limits the maximum number of revisions saved per release + Default to 2 + type: integer + recreate: + default: false + description: Recreate will (if true) recreate pods after + a rollback. + type: boolean + resetThenReuseValues: + default: false + description: ResetThenReuseValues will reset the values + to the chart's built-ins then merge with user's last + supplied values. + type: boolean + resetValues: + default: false + description: ResetValues will reset the values to the + chart's built-ins rather than merging with existing. + type: boolean + reuseValues: + default: false + description: |- + ReuseValues copies values from the current release to a new release if the + new release does not have any values. 
If the request already has values, + or if there are no values in the current release, this does nothing. + This is skipped if the ResetValues flag is set, in which case the + request values are not altered. + type: boolean + subNotes: + default: false + description: SubNotes determines whether sub-notes are + rendered in the chart. + type: boolean + type: object + wait: + default: false + description: |- + if set, will wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet + are in a ready state before marking the release as successful. It will wait for as long as --timeout + Default to false + type: boolean + waitForJobs: + default: false + description: |- + if set and --wait enabled, will wait until all Jobs have been completed before marking the release as successful. + It will wait for as long as --timeout + Default to false + type: boolean + type: object + releaseName: + description: ReleaseName is the chart release + minLength: 1 + type: string + releaseNamespace: + description: ReleaseNamespace is the namespace release will + be installed + minLength: 1 + type: string + repositoryName: + description: RepositoryName is the name helm chart repository + minLength: 1 + type: string + repositoryURL: + description: RepositoryURL is the URL helm chart repository + minLength: 1 + type: string + values: + description: |- + Values field allows to define configuration for the Helm release. + These values can be static or leverage Go templates for dynamic customization. + When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment. + type: string + valuesFrom: + description: |- + ValuesFrom can reference ConfigMap/Secret instances. Within the ConfigMap or Secret data, + it is possible to store configuration for the Helm release. + These values can be static or leverage Go templates for dynamic customization. 
+ When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment. + items: + properties: + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + enum: + - ConfigMap + - Secret + type: string + name: + description: Name of the referenced resource. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. + type: string + required: + - kind + - name + - namespace + type: object + type: array + required: + - chartName + - chartVersion + - releaseName + - releaseNamespace + - repositoryName + - repositoryURL + type: object + type: array + kustomizationRefs: + description: |- + Kustomization refs is a list of kustomization paths. Kustomization will + be run on those paths and the outcome will be deployed. + items: + properties: + deploymentType: + default: Remote + description: |- + DeploymentType indicates whether resources need to be deployed + into the management cluster (local) or the managed cluster (remote) + enum: + - Local + - Remote + type: string + kind: + description: |- + Kind of the resource. Supported kinds are: + - flux GitRepository;OCIRepository;Bucket + - ConfigMap/Secret + enum: + - GitRepository + - OCIRepository + - Bucket + - ConfigMap + - Secret + type: string + name: + description: Name of the referenced resource. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. 
+ type: string + path: + description: |- + Path to the directory containing the kustomization.yaml file, or the + set of plain YAMLs a kustomization.yaml should be generated for. + Defaults to 'None', which translates to the root path of the SourceRef. + type: string + targetNamespace: + description: |- + TargetNamespace sets or overrides the namespace in the + kustomization.yaml file. + maxLength: 63 + minLength: 1 + type: string + values: + additionalProperties: + type: string + description: |- + Values is a map[string]string type that allows to define a set of key-value pairs. + These key-value pairs can optionally leverage Go templates for further processing. + With Sveltos, you can define key-value pairs where the values can be Go templates. + These templates have access to management cluster information during deployment. This allows + to do more than just replace placeholders. Variables can be used to dynamically + construct values based on other resources or variables within the Kustomize output. + For example, imagine you have a Region key with a template value like: + '{{ index .Cluster.metadata.labels "region" }}'. + This template retrieves the region label from the cluster instance metadata. + Finally, Sveltos uses these processed values to fill placeholders in the Kustomize output. + The output itself can also contain templates, like: + region: '{{ default "west" .Region }}'. + This way, the final output from Kustomize will have the region set dynamically based on + the actual region retrieved earlier. + type: object + valuesFrom: + description: |- + ValuesFrom can reference ConfigMap/Secret instances. Within the ConfigMap or Secret data, + it is possible to define key-value pairs. These key-value pairs can optionally leverage + Go templates for further processing. + With Sveltos, you can define key-value pairs where the values can be Go templates. + These templates have access to management cluster information during deployment. 
This allows + to do more than just replace placeholders. Variables can be used to dynamically + construct values based on other resources or variables within the Kustomize output. + For example, imagine you have a Region key with a template value like: + '{{ index .Cluster.metadata.labels "region" }}'. + This template retrieves the region label from the cluster instance metadata. + Finally, Sveltos uses these processed values to fill placeholders in the Kustomize output. + The output itself can also contain templates, like: + region: '{{ default "west" .Region }}'. + This way, the final output from Kustomize will have the region set dynamically based on + the actual region retrieved earlier. + items: + properties: + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + enum: + - ConfigMap + - Secret + type: string + name: + description: Name of the referenced resource. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. + type: string + required: + - kind + - name + - namespace + type: object + type: array + required: + - kind + - name + - namespace + type: object + type: array + maxUpdate: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of clusters that can be updated concurrently. + Value can be an absolute number (ex: 5) or a percentage of desired cluster (ex: 10%). + Defaults to 100%. + Example: when this is set to 30%, when list of add-ons/applications in ClusterProfile + changes, only 30% of matching clusters will be updated in parallel. Only when updates + in those cluster succeed, other matching clusters are updated. 
+ pattern: ^((100|[0-9]{1,2})%|[0-9]+)$ + x-kubernetes-int-or-string: true + policyRefs: + description: |- + PolicyRefs references all the ConfigMaps/Secrets containing kubernetes resources + that need to be deployed in the matching CAPI clusters. + items: + properties: + deploymentType: + default: Remote + description: |- + DeploymentType indicates whether resources need to be deployed + into the management cluster (local) or the managed cluster (remote) + enum: + - Local + - Remote + type: string + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + - flux GitRepository;OCIRepository;Bucket + enum: + - GitRepository + - OCIRepository + - Bucket + - ConfigMap + - Secret + type: string + name: + description: Name of the referenced resource. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. Profile namespace will be used. + type: string + path: + description: |- + Path to the directory containing the YAML files. + Defaults to 'None', which translates to the root path of the SourceRef. + Used only for GitRepository;OCIRepository;Bucket + type: string + required: + - kind + - name + type: object + type: array + reloader: + default: false + description: |- + Reloader indicates whether Deployment/StatefulSet/DaemonSet instances deployed + by Sveltos and part of this ClusterProfile need to be restarted via rolling upgrade + when a ConfigMap/Secret instance mounted as volume is modified. + When set to true, when any mounted ConfigMap/Secret is modified, Sveltos automatically + starts a rolling upgrade for Deployment/StatefulSet/DaemonSet instances mounting it. + type: boolean + setRefs: + description: |- + SetRefs identifies referenced (cluster)Sets. 
+ - ClusterProfile can reference ClusterSet; + - Profile can reference Set; + items: + type: string + type: array + stopMatchingBehavior: + default: WithdrawPolicies + description: |- + StopMatchingBehavior indicates what behavior should be when a Cluster stop matching + the ClusterProfile. By default all deployed Helm charts and Kubernetes resources will + be withdrawn from Cluster. Setting StopMatchingBehavior to LeavePolicies will instead + leave ClusterProfile deployed policies in the Cluster. + type: string + syncMode: + default: Continuous + description: |- + SyncMode specifies how features are synced in a matching workload cluster. + - OneTime means, first time a workload cluster matches the ClusterProfile, + features will be deployed in such cluster. Any subsequent feature configuration + change won't be applied into the matching workload clusters; + - Continuous means first time a workload cluster matches the ClusterProfile, + features will be deployed in such a cluster. Any subsequent feature configuration + change will be applied into the matching workload clusters. + - DryRun means no change will be propagated to any matching cluster. A report + instead will be generated summarizing what would happen in any matching cluster + because of the changes made to ClusterProfile while in DryRun mode. + enum: + - OneTime + - Continuous + - ContinuousWithDriftDetection + - DryRun + type: string + templateResourceRefs: + description: |- + TemplateResourceRefs is a list of resource to collect from the management cluster. + Those resources' values will be used to instantiate templates contained in referenced + PolicyRefs and Helm charts + items: + properties: + identifier: + description: |- + Identifier is how the resource will be referred to in the + template + type: string + resource: + description: |- + Resource references a Kubernetes instance in the management + cluster to fetch and use during template instantiation. 
+ properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - identifier + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - identifier + x-kubernetes-list-type: map + tier: + default: 100 + description: |- + Tier controls the order of deployment for ClusterProfile or Profile resources targeting + the same cluster resources. 
+ Imagine two configurations (ClusterProfiles or Profiles) trying to deploy the same resource (a Kubernetes + resource or an helm chart). By default, the first one to reach the cluster "wins" and deploys it. + Tier allows you to override this. When conflicts arise, the ClusterProfile or Profile with the **lowest** + Tier value takes priority and deploys the resource. + Higher Tier values represent lower priority. The default Tier value is 100. + Using Tiers provides finer control over resource deployment within your cluster, particularly useful + when multiple configurations manage the same resources. + format: int32 + minimum: 1 + type: integer + validateHealths: + description: |- + ValidateHealths is a slice of Lua functions to run against + the managed cluster to validate the state of those add-ons/applications + is healthy + items: + properties: + featureID: + description: |- + FeatureID is an indentifier of the feature (Helm/Kustomize/Resources) + This field indicates when to run this check. + For instance: + - if set to Helm this check will be run after all helm + charts specified in the ClusterProfile are deployed. + - if set to Resources this check will be run after the content + of all the ConfigMaps/Secrets referenced by ClusterProfile in the + PolicyRef sections is deployed + enum: + - Resources + - Helm + - Kustomize + type: string + group: + description: Group of the resource to fetch in the managed Cluster. + type: string + kind: + description: Kind of the resource to fetch in the managed Cluster. + minLength: 1 + type: string + labelFilters: + description: LabelFilters allows to filter resources based on + current labels. 
+ items: + properties: + key: + description: Key is the label key + type: string + operation: + description: Operation is the comparison operation + enum: + - Equal + - Different + type: string + value: + description: Value is the label value + type: string + required: + - key + - operation + - value + type: object + type: array + name: + description: Name is the name of this check + type: string + namespace: + description: |- + Namespace of the resource to fetch in the managed Cluster. + Empty for resources scoped at cluster level. + type: string + script: + description: |- + Script is a text containing a lua script. + Must return struct with field "health" + representing whether object is a match (true or false) + type: string + version: + description: Version of the resource to fetch in the managed + Cluster. + type: string + required: + - featureID + - group + - kind + - name + - version + type: object + type: array + type: object + status: + description: Status defines the observed state of ClusterProfile/Profile + properties: + matchingClusters: + description: |- + MatchingClusterRefs reference all the clusters currently matching + ClusterProfile ClusterSelector + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). 
This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + updatedClusters: + description: |- + UpdatedClusters contains information all the cluster currently matching + ClusterProfile ClusterSelector and already updated to latest ClusterProfile + Spec + properties: + clusters: + description: |- + Clusters reference all the clusters currently matching + ClusterProfile ClusterSelector and already updated/being updated + to ClusterProfile Spec + items: + description: ObjectReference contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + hash: + description: |- + Hash represents of a unique value for ClusterProfile Spec at + a fixed point in time + format: byte + type: string + type: object + updatingClusters: + description: |- + UpdatingClusters reference all the cluster currently matching + ClusterProfile ClusterSelector and being updated + properties: + clusters: + description: |- + Clusters reference all the clusters currently matching + ClusterProfile ClusterSelector and already updated/being updated + to ClusterProfile Spec + items: + description: ObjectReference contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + hash: + description: |- + Hash represents of a unique value for ClusterProfile Spec at + a fixed point in time + format: byte + type: string + type: object + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: Profile is the Schema for the profiles API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + clusterRefs: + description: ClusterRefs identifies clusters to associate to. + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + clusterSelector: + description: ClusterSelector identifies clusters to associate to. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. 
+ properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + continueOnConflict: + default: false + description: |- + By default (when ContinueOnConflict is unset or set to false), Sveltos stops deployment after + encountering the first conflict (e.g., another ClusterProfile already deployed the resource). + If set to true, Sveltos will attempt to deploy remaining resources in the ClusterProfile even + if conflicts are detected for previous resources. + type: boolean + dependsOn: + description: |- + DependsOn specifies a list of other ClusterProfiles that this instance depends on. + In any managed cluster that matches this ClusterProfile, the add-ons and applications + defined in this instance will not be deployed until all add-ons and applications in the + ClusterProfiles listed as dependencies are deployed. 
+ items: + type: string + type: array + driftExclusions: + description: |- + DriftExclusions is a list of configuration drift exclusions to be applied when syncMode is + set to ContinuousWithDriftDetection. Each exclusion specifies JSON6902 paths to ignore + when evaluating drift, optionally targeting specific resources and features. + items: + properties: + paths: + description: Paths is a slice of JSON6902 paths to exclude from + configuration drift evaluation. + items: + type: string + type: array + target: + description: Target points to the resources that the paths refers + to. + properties: + annotationSelector: + description: |- + AnnotationSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: |- + Group is the API group to select resources from. + Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: |- + Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: |- + LabelSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: |- + Version of the API Group to select resources from. 
+ Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - paths + type: object + type: array + extraAnnotations: + additionalProperties: + type: string + description: |- + ExtraAnnotations: These annotations will be added by Sveltos to all Kubernetes resources + deployed in a managed cluster based on this ClusterProfile/Profile instance. + **Important:** If a resource deployed by Sveltos already has a annotation with a key present in + `ExtraAnnotations`, the value from `ExtraAnnotations` will override the existing value. + (Deprecated use Patches instead) + type: object + extraLabels: + additionalProperties: + type: string + description: |- + ExtraLabels: These labels will be added by Sveltos to all Kubernetes resources deployed in + a managed cluster based on this ClusterProfile/Profile instance. + **Important:** If a resource deployed by Sveltos already has a label with a key present in + `ExtraLabels`, the value from `ExtraLabels` will override the existing value. + (Deprecated use Patches instead) + type: object + helmCharts: + description: Helm charts is a list of helm charts that need to be + deployed + items: + properties: + chartName: + description: ChartName is the chart name + minLength: 1 + type: string + chartVersion: + description: ChartVersion is the chart version + minLength: 1 + type: string + helmChartAction: + default: Install + description: HelmChartAction is the action that will be taken + on the helm chart + enum: + - Install + - Uninstall + type: string + options: + description: Options allows to set flags which are used during + installation. + properties: + atomic: + default: false + description: |- + if set, the installation process deletes the installation/upgrades on failure. 
+ The --wait flag will be set automatically if --atomic is used + Default to false + type: boolean + dependencyUpdate: + default: false + description: |- + update dependencies if they are missing before installing the chart + Default to false + type: boolean + description: + description: Description is the description of an helm operation + type: string + disableHooks: + default: false + description: |- + prevent hooks from running during install/upgrade/uninstall + Default to false + type: boolean + disableOpenAPIValidation: + default: false + description: |- + if set, the installation process will not validate rendered templates against the Kubernetes OpenAPI Schema + Default to false + type: boolean + enableClientCache: + default: false + description: EnableClientCache is a flag to enable Helm + client cache. If it is not specified, it will be set to + false. + type: boolean + installOptions: + description: HelmInstallOptions are options specific to + helm install + properties: + createNamespace: + default: true + description: Create the release namespace if not present. + Defaults to true + type: boolean + replace: + default: true + description: Replaces if set indicates to replace an + older release with this one + type: boolean + type: object + labels: + additionalProperties: + type: string + description: Labels that would be added to release metadata. + type: object + skipCRDs: + default: false + description: |- + SkipCRDs controls whether CRDs should be installed during install/upgrade operation. + By default, CRDs are installed if not already present. 
+ type: boolean + timeout: + description: time to wait for any individual Kubernetes + operation (like Jobs for hooks) (default 5m0s) + type: string + uninstallOptions: + description: HelmUninstallOptions are options specific to + helm uninstall + properties: + deletionPropagation: + description: DeletionPropagation + enum: + - orphan + - foreground + - background + type: string + keepHistory: + description: |- + When uninstall a chart with this flag, Helm removes the resources associated with the chart, + but it keeps the release information. This allows to see details about the uninstalled release + using the helm history command. + type: boolean + type: object + upgradeOptions: + description: HelmUpgradeOptions are options specific to + helm upgrade + properties: + cleanupOnFail: + default: false + description: CleanupOnFail will, if true, cause the + upgrade to delete newly-created resources on a failed + update. + type: boolean + force: + default: false + description: |- + Force will, if set to `true`, ignore certain warnings and perform the upgrade anyway. + This should be used with caution. + type: boolean + maxHistory: + default: 2 + description: |- + MaxHistory limits the maximum number of revisions saved per release + Default to 2 + type: integer + recreate: + default: false + description: Recreate will (if true) recreate pods after + a rollback. + type: boolean + resetThenReuseValues: + default: false + description: ResetThenReuseValues will reset the values + to the chart's built-ins then merge with user's last + supplied values. + type: boolean + resetValues: + default: false + description: ResetValues will reset the values to the + chart's built-ins rather than merging with existing. + type: boolean + reuseValues: + default: false + description: |- + ReuseValues copies values from the current release to a new release if the + new release does not have any values. 
If the request already has values, + or if there are no values in the current release, this does nothing. + This is skipped if the ResetValues flag is set, in which case the + request values are not altered. + type: boolean + subNotes: + default: false + description: SubNotes determines whether sub-notes are + rendered in the chart. + type: boolean + type: object + wait: + default: false + description: |- + if set, will wait until all Pods, PVCs, Services, and minimum number of Pods of a Deployment, StatefulSet, or ReplicaSet + are in a ready state before marking the release as successful. It will wait for as long as --timeout + Default to false + type: boolean + waitForJobs: + default: false + description: |- + if set and --wait enabled, will wait until all Jobs have been completed before marking the release as successful. + It will wait for as long as --timeout + Default to false + type: boolean + type: object + releaseName: + description: ReleaseName is the chart release + minLength: 1 + type: string + releaseNamespace: + description: ReleaseNamespace is the namespace release will + be installed + minLength: 1 + type: string + repositoryName: + description: RepositoryName is the name helm chart repository + minLength: 1 + type: string + repositoryURL: + description: RepositoryURL is the URL helm chart repository + minLength: 1 + type: string + values: + description: |- + Values field allows to define configuration for the Helm release. + These values can be static or leverage Go templates for dynamic customization. + When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment (Cluster and TemplateResourceRefs) + type: string + valuesFrom: + description: |- + ValuesFrom can reference ConfigMap/Secret instances. Within the ConfigMap or Secret data, + it is possible to store configuration for the Helm release. + These values can be static or leverage Go templates for dynamic customization. 
+ When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment (Cluster and TemplateResourceRefs) + items: + properties: + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + enum: + - ConfigMap + - Secret + type: string + name: + description: |- + Name of the referenced resource. + Name can be expressed as a template and instantiate using + - cluster namespace: .Cluster.metadata.namespace + - cluster name: .Cluster.metadata.name + - cluster type: .Cluster.kind + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. + type: string + required: + - kind + - name + type: object + type: array + required: + - chartName + - chartVersion + - releaseName + - releaseNamespace + - repositoryName + - repositoryURL + type: object + type: array + kustomizationRefs: + description: |- + Kustomization refs is a list of kustomization paths. Kustomization will + be run on those paths and the outcome will be deployed. + items: + properties: + deploymentType: + default: Remote + description: |- + DeploymentType indicates whether resources need to be deployed + into the management cluster (local) or the managed cluster (remote) + enum: + - Local + - Remote + type: string + kind: + description: |- + Kind of the resource. Supported kinds are: + - flux GitRepository;OCIRepository;Bucket + - ConfigMap/Secret + enum: + - GitRepository + - OCIRepository + - Bucket + - ConfigMap + - Secret + type: string + name: + description: |- + Name of the referenced resource. 
+ Name can be expressed as a template and instantiate using + - cluster namespace: .Cluster.metadata.namespace + - cluster name: .Cluster.metadata.name + - cluster type: .Cluster.kind + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. + type: string + path: + description: |- + Path to the directory containing the kustomization.yaml file, or the + set of plain YAMLs a kustomization.yaml should be generated for. + Defaults to 'None', which translates to the root path of the SourceRef. + These values can be static or leverage Go templates for dynamic customization. + When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment (Cluster) + type: string + targetNamespace: + description: |- + TargetNamespace sets or overrides the namespace in the + kustomization.yaml file. + maxLength: 63 + minLength: 1 + type: string + values: + additionalProperties: + type: string + description: |- + Values is a map[string]string type that allows to define a set of key-value pairs. + These key-value pairs can optionally leverage Go templates for further processing. + With Sveltos, you can define key-value pairs where the values can be Go templates. + These templates have access to management cluster information during deployment. This allows + to do more than just replace placeholders. Variables can be used to dynamically + construct values based on other resources or variables within the Kustomize output. + For example, imagine you have a Region key with a template value like: + '{{ index .Cluster.metadata.labels "region" }}'. + This template retrieves the region label from the cluster instance metadata. 
+ Finally, Sveltos uses these processed values to fill placeholders in the Kustomize output. + The output itself can also contain templates, like: + region: '{{ default "west" .Region }}'. + This way, the final output from Kustomize will have the region set dynamically based on + the actual region retrieved earlier. + type: object + valuesFrom: + description: |- + ValuesFrom can reference ConfigMap/Secret instances. Within the ConfigMap or Secret data, + it is possible to define key-value pairs. These key-value pairs can optionally leverage + Go templates for further processing. + With Sveltos, you can define key-value pairs where the values can be Go templates. + These templates have access to management cluster information during deployment. This allows + to do more than just replace placeholders. Variables can be used to dynamically + construct values based on other resources or variables within the Kustomize output. + For example, imagine you have a Region key with a template value like: + '{{ index .Cluster.metadata.labels "region" }}'. + This template retrieves the region label from the cluster instance metadata. + Finally, Sveltos uses these processed values to fill placeholders in the Kustomize output. + The output itself can also contain templates, like: + region: '{{ default "west" .Region }}'. + This way, the final output from Kustomize will have the region set dynamically based on + the actual region retrieved earlier. + items: + properties: + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + enum: + - ConfigMap + - Secret + type: string + name: + description: |- + Name of the referenced resource. + Name can be expressed as a template and instantiate using + - cluster namespace: .Cluster.metadata.namespace + - cluster name: .Cluster.metadata.name + - cluster type: .Cluster.kind + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. 
+ For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. The Profile namespace will be used. + type: string + required: + - kind + - name + type: object + type: array + required: + - kind + - name + - namespace + type: object + type: array + maxUpdate: + anyOf: + - type: integer + - type: string + description: |- + The maximum number of clusters that can be updated concurrently. + Value can be an absolute number (ex: 5) or a percentage of desired cluster (ex: 10%). + Defaults to 100%. + Example: when this is set to 30%, when list of add-ons/applications in ClusterProfile + changes, only 30% of matching clusters will be updated in parallel. Only when updates + in those cluster succeed, other matching clusters are updated. + pattern: ^((100|[0-9]{1,2})%|[0-9]+)$ + x-kubernetes-int-or-string: true + patches: + description: |- + Define additional Kustomize inline Patches applied for all resources on this profile + Within the Patch Spec you can use templating + items: + description: |- + Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should + be applied to. + properties: + patch: + description: |- + Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with + an array of operation objects. + These values can be static or leverage Go templates for dynamic customization. + When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment (Cluster and TemplateResourceRefs) + type: string + target: + description: Target points to the resources that the patch document + should be applied to. + properties: + annotationSelector: + description: |- + AnnotationSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. 
+ type: string + group: + description: |- + Group is the API group to select resources from. + Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: |- + Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: |- + LabelSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: |- + Version of the API Group to select resources from. + Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + type: object + type: array + policyRefs: + description: |- + PolicyRefs references all the ConfigMaps/Secrets/Flux Sources containing kubernetes resources + that need to be deployed in the matching managed clusters. + The values contained in those resources can be static or leverage Go templates for dynamic customization. 
+ When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment (Cluster and TemplateResourceRefs) + items: + properties: + deploymentType: + default: Remote + description: |- + DeploymentType indicates whether resources need to be deployed + into the management cluster (local) or the managed cluster (remote) + enum: + - Local + - Remote + type: string + kind: + description: |- + Kind of the resource. Supported kinds are: + - ConfigMap/Secret + - flux GitRepository;OCIRepository;Bucket + enum: + - GitRepository + - OCIRepository + - Bucket + - ConfigMap + - Secret + type: string + name: + description: |- + Name of the referenced resource. + Name can be expressed as a template and instantiate using + - cluster namespace: .Cluster.metadata.namespace + - cluster name: .Cluster.metadata.name + - cluster type: .Cluster.kind + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + For Profile namespace must be left empty. Profile namespace will be used. + type: string + path: + description: |- + Path to the directory containing the YAML files. + Defaults to 'None', which translates to the root path of the SourceRef. + Used only for GitRepository;OCIRepository;Bucket + type: string + required: + - kind + - name + type: object + type: array + reloader: + default: false + description: |- + Reloader indicates whether Deployment/StatefulSet/DaemonSet instances deployed + by Sveltos and part of this ClusterProfile need to be restarted via rolling upgrade + when a ConfigMap/Secret instance mounted as volume is modified. + When set to true, when any mounted ConfigMap/Secret is modified, Sveltos automatically + starts a rolling upgrade for Deployment/StatefulSet/DaemonSet instances mounting it. 
+ type: boolean + setRefs: + description: |- + SetRefs identifies referenced (cluster)Sets. + - ClusterProfile can reference ClusterSet; + - Profile can reference Set; + items: + type: string + type: array + stopMatchingBehavior: + default: WithdrawPolicies + description: |- + StopMatchingBehavior indicates what behavior should be when a Cluster stop matching + the ClusterProfile. By default all deployed Helm charts and Kubernetes resources will + be withdrawn from Cluster. Setting StopMatchingBehavior to LeavePolicies will instead + leave ClusterProfile deployed policies in the Cluster. + type: string + syncMode: + default: Continuous + description: |- + SyncMode specifies how features are synced in a matching workload cluster. + - OneTime means, first time a workload cluster matches the ClusterProfile, + features will be deployed in such cluster. Any subsequent feature configuration + change won't be applied into the matching workload clusters; + - Continuous means first time a workload cluster matches the ClusterProfile, + features will be deployed in such a cluster. Any subsequent feature configuration + change will be applied into the matching workload clusters. + - DryRun means no change will be propagated to any matching cluster. A report + instead will be generated summarizing what would happen in any matching cluster + because of the changes made to ClusterProfile while in DryRun mode. + enum: + - OneTime + - Continuous + - ContinuousWithDriftDetection + - DryRun + type: string + templateResourceRefs: + description: |- + TemplateResourceRefs is a list of resource to collect from the management cluster. + Those resources' values will be used to instantiate templates + items: + properties: + identifier: + description: |- + Identifier is how the resource will be referred to in the + template + type: string + resource: + description: |- + Resource references a Kubernetes instance in the management + cluster to fetch and use during template instantiation. 
+ For ClusterProfile namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + Name can be expressed as a template and instantiate using + - cluster namespace: .Cluster.metadata.namespace + - cluster name: .Cluster.metadata.name + - cluster type: .Cluster.kind + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + required: + - identifier + - resource + type: object + type: array + x-kubernetes-list-map-keys: + - identifier + x-kubernetes-list-type: map + tier: + default: 100 + description: |- + Tier controls the order of deployment for ClusterProfile or Profile resources targeting + the same cluster resources. + Imagine two configurations (ClusterProfiles or Profiles) trying to deploy the same resource (a Kubernetes + resource or an helm chart). By default, the first one to reach the cluster "wins" and deploys it. + Tier allows you to override this. When conflicts arise, the ClusterProfile or Profile with the **lowest** + Tier value takes priority and deploys the resource. + Higher Tier values represent lower priority. The default Tier value is 100. + Using Tiers provides finer control over resource deployment within your cluster, particularly useful + when multiple configurations manage the same resources. + format: int32 + minimum: 1 + type: integer + validateHealths: + description: |- + ValidateHealths is a slice of Lua functions to run against + the managed cluster to validate the state of those add-ons/applications + is healthy + items: + properties: + featureID: + description: |- + FeatureID is an indentifier of the feature (Helm/Kustomize/Resources) + This field indicates when to run this check. + For instance: + - if set to Helm this check will be run after all helm + charts specified in the ClusterProfile are deployed. + - if set to Resources this check will be run after the content + of all the ConfigMaps/Secrets referenced by ClusterProfile in the + PolicyRef sections is deployed + enum: + - Resources + - Helm + - Kustomize + type: string + group: + description: Group of the resource to fetch in the managed Cluster. + type: string + kind: + description: Kind of the resource to fetch in the managed Cluster. 
+ minLength: 1 + type: string + labelFilters: + description: LabelFilters allows to filter resources based on + current labels. + items: + properties: + key: + description: Key is the label key + type: string + operation: + description: Operation is the comparison operation + enum: + - Equal + - Different + type: string + value: + description: Value is the label value + type: string + required: + - key + - operation + - value + type: object + type: array + name: + description: Name is the name of this check + type: string + namespace: + description: |- + Namespace of the resource to fetch in the managed Cluster. + Empty for resources scoped at cluster level. + type: string + script: + description: |- + Script is a text containing a lua script. + Must return struct with field "health" + representing whether object is a match (true or false) + type: string + version: + description: Version of the resource to fetch in the managed + Cluster. + type: string + required: + - featureID + - group + - kind + - name + - version + type: object + type: array + type: object + status: + description: Status defines the observed state of ClusterProfile/Profile + properties: + matchingClusters: + description: |- + MatchingClusterRefs reference all the clusters currently matching + ClusterProfile ClusterSelector + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + updatedClusters: + description: |- + UpdatedClusters contains information all the cluster currently matching + ClusterProfile ClusterSelector and already updated to latest ClusterProfile + Spec + properties: + clusters: + description: |- + Clusters reference all the clusters currently matching + ClusterProfile ClusterSelector and already updated/being updated + to ClusterProfile Spec + items: + description: ObjectReference contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. 
+ type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + hash: + description: |- + Hash represents of a unique value for ClusterProfile Spec at + a fixed point in time + format: byte + type: string + type: object + updatingClusters: + description: |- + UpdatingClusters reference all the cluster currently matching + ClusterProfile ClusterSelector and being updated + properties: + clusters: + description: |- + Clusters reference all the clusters currently matching + ClusterProfile ClusterSelector and already updated/being updated + to ClusterProfile Spec + items: + description: ObjectReference contains enough information to + let you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + hash: + description: |- + Hash represents of a unique value for ClusterProfile Spec at + a fixed point in time + format: byte + type: string + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/templates/projectsveltos/crds/reloader-crd.yaml b/templates/projectsveltos/crds/reloader-crd.yaml new file mode 100644 index 000000000..0ce30c544 --- /dev/null +++ b/templates/projectsveltos/crds/reloader-crd.yaml 
@@ -0,0 +1,133 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: reloaders.lib.projectsveltos.io +spec: + group: lib.projectsveltos.io + names: + kind: Reloader + listKind: ReloaderList + plural: reloaders + singular: reloader + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Reloader is the Schema for the Reloader API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ReloaderSpec defines the desired state of Reloader + properties: + reloaderInfo: + items: + description: |- + ReloaderInfo represents a resource that need to be reloaded + if any mounted ConfigMap/Secret changes. + properties: + kind: + description: 'Kind of the resource. Supported kinds are: Deployment + StatefulSet DaemonSet.' + enum: + - Deployment + - StatefulSet + - DaemonSet + type: string + name: + description: Name of the referenced resource. + minLength: 1 + type: string + namespace: + description: Namespace of the referenced resource. 
+ minLength: 1 + type: string + value: + type: string + required: + - kind + - name + - namespace + type: object + type: array + type: object + type: object + served: true + storage: false + - name: v1beta1 + schema: + openAPIV3Schema: + description: Reloader is the Schema for the Reloader API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ReloaderSpec defines the desired state of Reloader + properties: + reloaderInfo: + items: + description: |- + ReloaderInfo represents a resource that need to be reloaded + if any mounted ConfigMap/Secret changes. + properties: + kind: + description: 'Kind of the resource. Supported kinds are: Deployment + StatefulSet DaemonSet.' + enum: + - Deployment + - StatefulSet + - DaemonSet + type: string + name: + description: Name of the referenced resource. + minLength: 1 + type: string + namespace: + description: Namespace of the referenced resource. + minLength: 1 + type: string + value: + type: string + required: + - kind + - name + - namespace + type: object + type: array + type: object + type: object + served: true + storage: true diff --git a/templates/projectsveltos/crds/reloaderreport-crd.yaml b/templates/projectsveltos/crds/reloaderreport-crd.yaml new file mode 100644 index 000000000..8db0f3513 --- /dev/null 
+++ b/templates/projectsveltos/crds/reloaderreport-crd.yaml 
@@ -0,0 +1,201 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: reloaderreports.lib.projectsveltos.io +spec: + group: lib.projectsveltos.io + names: + kind: ReloaderReport + listKind: ReloaderReportList + plural: reloaderreports + singular: reloaderreport + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ReloaderReport is the Schema for the ReloaderReport API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + clusterName: + description: |- + ClusterName is the name of the Cluster this ReloaderReport + is for. + type: string + clusterNamespace: + description: |- + ClusterNamespace is the namespace of the Cluster this + ReloaderReport is for. + type: string + clusterType: + description: |- + ClusterType is the type of Cluster this ReloaderReport + is for. + type: string + resourcesToReload: + description: |- + ResourcesToReload contains a list of resources that requires + rolling upgrade + items: + description: |- + ReloaderInfo represents a resource that need to be reloaded + if any mounted ConfigMap/Secret changes. + properties: + kind: + description: 'Kind of the resource. 
Supported kinds are: Deployment + StatefulSet DaemonSet.' + enum: + - Deployment + - StatefulSet + - DaemonSet + type: string + name: + description: Name of the referenced resource. + minLength: 1 + type: string + namespace: + description: Namespace of the referenced resource. + minLength: 1 + type: string + value: + type: string + required: + - kind + - name + - namespace + type: object + type: array + required: + - clusterName + - clusterNamespace + - clusterType + type: object + status: + description: ReloaderReportStatus defines the observed state of ReloaderReport + properties: + phase: + description: Phase represents the current phase of report. + enum: + - WaitingForDelivery + - Delivering + - Processed + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: ReloaderReport is the Schema for the ReloaderReport API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + clusterName: + description: |- + ClusterName is the name of the Cluster this ReloaderReport + is for. + type: string + clusterNamespace: + description: |- + ClusterNamespace is the namespace of the Cluster this + ReloaderReport is for. 
+ type: string + clusterType: + description: |- + ClusterType is the type of Cluster this ReloaderReport + is for. + type: string + resourcesToReload: + description: |- + ResourcesToReload contains a list of resources that requires + rolling upgrade + items: + description: |- + ReloaderInfo represents a resource that need to be reloaded + if any mounted ConfigMap/Secret changes. + properties: + kind: + description: 'Kind of the resource. Supported kinds are: Deployment + StatefulSet DaemonSet.' + enum: + - Deployment + - StatefulSet + - DaemonSet + type: string + name: + description: Name of the referenced resource. + minLength: 1 + type: string + namespace: + description: Namespace of the referenced resource. + minLength: 1 + type: string + value: + type: string + required: + - kind + - name + - namespace + type: object + type: array + required: + - clusterName + - clusterNamespace + - clusterType + type: object + status: + description: ReloaderReportStatus defines the observed state of ReloaderReport + properties: + phase: + description: Phase represents the current phase of report. + enum: + - WaitingForDelivery + - Delivering + - Processed + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/templates/projectsveltos/crds/resourcesummary-crd.yaml b/templates/projectsveltos/crds/resourcesummary-crd.yaml new file mode 100644 index 000000000..7eda310da --- /dev/null +++ b/templates/projectsveltos/crds/resourcesummary-crd.yaml 
@@ -0,0 +1,749 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: resourcesummaries.lib.projectsveltos.io +spec: + group: lib.projectsveltos.io + names: + kind: ResourceSummary + listKind: ResourceSummaryList + plural: resourcesummaries + singular: resourcesummary + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ResourceSummary is the Schema for the ResourceSummary API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ResourceSummarySpec defines the desired state of ResourceSummary + properties: + chartResources: + description: Resources deployed by ClusterSummary because of referenced + Helm charts + items: + properties: + chartName: + description: ChartName is the chart name + minLength: 1 + type: string + group: + description: Resources deployed by ClusterSummary because of + helm charts + items: + properties: + group: + description: Group of the resource deployed in the Cluster. + type: string + ignoreForConfigurationDrift: + default: false + description: |- + IgnoreForConfigurationDrift indicates to not track resource + for configuration drift detection. 
+ type: boolean + kind: + description: Kind of the resource deployed in the Cluster. + minLength: 1 + type: string + name: + description: Name of the resource deployed in the Cluster. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + version: + description: Version of the resource deployed in the Cluster. + type: string + required: + - group + - ignoreForConfigurationDrift + - kind + - name + - version + type: object + type: array + releaseName: + description: ReleaseName is the chart release + minLength: 1 + type: string + releaseNamespace: + description: ReleaseNamespace is the namespace release will + be installed + minLength: 1 + type: string + required: + - chartName + - releaseName + - releaseNamespace + type: object + type: array + kustomizeResources: + description: |- + KustomizeResources deployed by ClusterSummary because of referenced + KustomizationRef + items: + properties: + group: + description: Group of the resource deployed in the Cluster. + type: string + ignoreForConfigurationDrift: + default: false + description: |- + IgnoreForConfigurationDrift indicates to not track resource + for configuration drift detection. + type: boolean + kind: + description: Kind of the resource deployed in the Cluster. + minLength: 1 + type: string + name: + description: Name of the resource deployed in the Cluster. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + version: + description: Version of the resource deployed in the Cluster. + type: string + required: + - group + - ignoreForConfigurationDrift + - kind + - name + - version + type: object + type: array + patches: + description: |- + Defines additional inline patches specifically designed to exclude certain fields from + configuration drift evaluation. 
+ items: + description: |- + Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should + be applied to. + properties: + patch: + description: |- + Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with + an array of operation objects. + These values can be static or leverage Go templates for dynamic customization. + When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment (Cluster and TemplateResourceRefs) + type: string + target: + description: Target points to the resources that the patch document + should be applied to. + properties: + annotationSelector: + description: |- + AnnotationSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: |- + Group is the API group to select resources from. + Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: |- + Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: |- + LabelSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. 
+ type: string + version: + description: |- + Version of the API Group to select resources from. + Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + type: object + type: array + resources: + description: Resources deployed by ClusterSummary because of referenced + ConfigMaps/Secrets + items: + properties: + group: + description: Group of the resource deployed in the Cluster. + type: string + ignoreForConfigurationDrift: + default: false + description: |- + IgnoreForConfigurationDrift indicates to not track resource + for configuration drift detection. + type: boolean + kind: + description: Kind of the resource deployed in the Cluster. + minLength: 1 + type: string + name: + description: Name of the resource deployed in the Cluster. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + version: + description: Version of the resource deployed in the Cluster. + type: string + required: + - group + - ignoreForConfigurationDrift + - kind + - name + - version + type: object + type: array + type: object + status: + description: ResourceSummaryStatus defines the status of ResourceSummary + properties: + helmResourceHashes: + description: HelmResourceHashes specifies list of resource plus hash. + items: + properties: + group: + description: Group of the resource deployed in the Cluster. + type: string + hash: + description: Hash is the hash of a resource's data. + type: string + ignoreForConfigurationDrift: + default: false + description: |- + IgnoreForConfigurationDrift indicates to not track resource + for configuration drift detection. + type: boolean + kind: + description: Kind of the resource deployed in the Cluster. 
+ minLength: 1 + type: string + name: + description: Name of the resource deployed in the Cluster. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + version: + description: Version of the resource deployed in the Cluster. + type: string + required: + - group + - ignoreForConfigurationDrift + - kind + - name + - version + type: object + type: array + helmResourcesChanged: + description: Helm Resources changed. + type: boolean + kustomizeResourceHashes: + description: KustomizeResourceHashes specifies a list of resource + plus hash + items: + properties: + group: + description: Group of the resource deployed in the Cluster. + type: string + hash: + description: Hash is the hash of a resource's data. + type: string + ignoreForConfigurationDrift: + default: false + description: |- + IgnoreForConfigurationDrift indicates to not track resource + for configuration drift detection. + type: boolean + kind: + description: Kind of the resource deployed in the Cluster. + minLength: 1 + type: string + name: + description: Name of the resource deployed in the Cluster. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + version: + description: Version of the resource deployed in the Cluster. + type: string + required: + - group + - ignoreForConfigurationDrift + - kind + - name + - version + type: object + type: array + kustomizeResourcesChanged: + description: KustomizeResources changed. + type: boolean + resourceHashes: + description: ResourceHashes specifies a list of resource plus hash + items: + properties: + group: + description: Group of the resource deployed in the Cluster. + type: string + hash: + description: Hash is the hash of a resource's data. 
+ type: string + ignoreForConfigurationDrift: + default: false + description: |- + IgnoreForConfigurationDrift indicates to not track resource + for configuration drift detection. + type: boolean + kind: + description: Kind of the resource deployed in the Cluster. + minLength: 1 + type: string + name: + description: Name of the resource deployed in the Cluster. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + version: + description: Version of the resource deployed in the Cluster. + type: string + required: + - group + - ignoreForConfigurationDrift + - kind + - name + - version + type: object + type: array + resourcesChanged: + description: Resources changed. + type: boolean + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: ResourceSummary is the Schema for the ResourceSummary API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ResourceSummarySpec defines the desired state of ResourceSummary + properties: + chartResources: + description: Resources deployed by ClusterSummary because of referenced + Helm charts + items: + properties: + chartName: + description: ChartName is the chart name + minLength: 1 + type: string + group: + description: Resources deployed by ClusterSummary because of + helm charts + items: + properties: + group: + description: Group of the resource deployed in the Cluster. + type: string + ignoreForConfigurationDrift: + default: false + description: |- + IgnoreForConfigurationDrift indicates to not track resource + for configuration drift detection. + type: boolean + kind: + description: Kind of the resource deployed in the Cluster. + minLength: 1 + type: string + name: + description: Name of the resource deployed in the Cluster. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + version: + description: Version of the resource deployed in the Cluster. + type: string + required: + - group + - ignoreForConfigurationDrift + - kind + - name + - version + type: object + type: array + releaseName: + description: ReleaseName is the chart release + minLength: 1 + type: string + releaseNamespace: + description: ReleaseNamespace is the namespace release will + be installed + minLength: 1 + type: string + required: + - chartName + - releaseName + - releaseNamespace + type: object + type: array + kustomizeResources: + description: |- + KustomizeResources deployed by ClusterSummary because of referenced + KustomizationRef + items: + properties: + group: + description: Group of the resource deployed in the Cluster. 
+ type: string + ignoreForConfigurationDrift: + default: false + description: |- + IgnoreForConfigurationDrift indicates to not track resource + for configuration drift detection. + type: boolean + kind: + description: Kind of the resource deployed in the Cluster. + minLength: 1 + type: string + name: + description: Name of the resource deployed in the Cluster. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + version: + description: Version of the resource deployed in the Cluster. + type: string + required: + - group + - ignoreForConfigurationDrift + - kind + - name + - version + type: object + type: array + patches: + description: |- + Defines additional inline patches specifically designed to exclude certain fields from + configuration drift evaluation. + items: + description: |- + Patch contains an inline StrategicMerge or JSON6902 patch, and the target the patch should + be applied to. + properties: + patch: + description: |- + Patch contains an inline StrategicMerge patch or an inline JSON6902 patch with + an array of operation objects. + These values can be static or leverage Go templates for dynamic customization. + When expressed as templates, the values are filled in using information from + resources within the management cluster before deployment (Cluster and TemplateResourceRefs) + type: string + target: + description: Target points to the resources that the patch document + should be applied to. + properties: + annotationSelector: + description: |- + AnnotationSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource annotations. + type: string + group: + description: |- + Group is the API group to select resources from. 
+ Together with Version and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + kind: + description: |- + Kind of the API Group to select resources from. + Together with Group and Version it is capable of unambiguously + identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + labelSelector: + description: |- + LabelSelector is a string that follows the label selection expression + https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#api + It matches with the resource labels. + type: string + name: + description: Name to match resources with. + type: string + namespace: + description: Namespace to select resources from. + type: string + version: + description: |- + Version of the API Group to select resources from. + Together with Group and Kind it is capable of unambiguously identifying and/or selecting resources. + https://github.com/kubernetes/community/blob/master/contributors/design-proposals/api-machinery/api-group.md + type: string + type: object + required: + - patch + type: object + type: array + resources: + description: Resources deployed by ClusterSummary because of referenced + ConfigMaps/Secrets + items: + properties: + group: + description: Group of the resource deployed in the Cluster. + type: string + ignoreForConfigurationDrift: + default: false + description: |- + IgnoreForConfigurationDrift indicates to not track resource + for configuration drift detection. + type: boolean + kind: + description: Kind of the resource deployed in the Cluster. + minLength: 1 + type: string + name: + description: Name of the resource deployed in the Cluster. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. 
+ Empty for resources scoped at cluster level. + type: string + version: + description: Version of the resource deployed in the Cluster. + type: string + required: + - group + - ignoreForConfigurationDrift + - kind + - name + - version + type: object + type: array + type: object + status: + description: ResourceSummaryStatus defines the status of ResourceSummary + properties: + helmResourceHashes: + description: HelmResourceHashes specifies list of resource plus hash. + items: + properties: + group: + description: Group of the resource deployed in the Cluster. + type: string + hash: + description: Hash is the hash of a resource's data. + type: string + ignoreForConfigurationDrift: + default: false + description: |- + IgnoreForConfigurationDrift indicates to not track resource + for configuration drift detection. + type: boolean + kind: + description: Kind of the resource deployed in the Cluster. + minLength: 1 + type: string + name: + description: Name of the resource deployed in the Cluster. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + version: + description: Version of the resource deployed in the Cluster. + type: string + required: + - group + - ignoreForConfigurationDrift + - kind + - name + - version + type: object + type: array + helmResourcesChanged: + description: Helm Resources changed. + type: boolean + kustomizeResourceHashes: + description: KustomizeResourceHashes specifies a list of resource + plus hash + items: + properties: + group: + description: Group of the resource deployed in the Cluster. + type: string + hash: + description: Hash is the hash of a resource's data. + type: string + ignoreForConfigurationDrift: + default: false + description: |- + IgnoreForConfigurationDrift indicates to not track resource + for configuration drift detection. 
+ type: boolean + kind: + description: Kind of the resource deployed in the Cluster. + minLength: 1 + type: string + name: + description: Name of the resource deployed in the Cluster. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + version: + description: Version of the resource deployed in the Cluster. + type: string + required: + - group + - ignoreForConfigurationDrift + - kind + - name + - version + type: object + type: array + kustomizeResourcesChanged: + description: KustomizeResources changed. + type: boolean + resourceHashes: + description: ResourceHashes specifies a list of resource plus hash + items: + properties: + group: + description: Group of the resource deployed in the Cluster. + type: string + hash: + description: Hash is the hash of a resource's data. + type: string + ignoreForConfigurationDrift: + default: false + description: |- + IgnoreForConfigurationDrift indicates to not track resource + for configuration drift detection. + type: boolean + kind: + description: Kind of the resource deployed in the Cluster. + minLength: 1 + type: string + name: + description: Name of the resource deployed in the Cluster. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the resource deployed in the Cluster. + Empty for resources scoped at cluster level. + type: string + version: + description: Version of the resource deployed in the Cluster. + type: string + required: + - group + - ignoreForConfigurationDrift + - kind + - name + - version + type: object + type: array + resourcesChanged: + description: Resources changed. + type: boolean + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/templates/projectsveltos/crds/rolerequest-crd.yaml b/templates/projectsveltos/crds/rolerequest-crd.yaml new file mode 100644 index 000000000..c15f26c5d --- /dev/null 
+++ b/templates/projectsveltos/crds/rolerequest-crd.yaml 
@@ -0,0 +1,504 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: projectsveltos/projectsveltos-serving-cert + controller-gen.kubebuilder.io/version: v0.16.1 + name: rolerequests.lib.projectsveltos.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: webhook-service + namespace: projectsveltos + path: /convert + conversionReviewVersions: + - v1 + group: lib.projectsveltos.io + names: + kind: RoleRequest + listKind: RoleRequestList + plural: rolerequests + singular: rolerequest + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: RoleRequest is the Schema for the rolerequest API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RoleRequestSpec defines the desired state of RoleRequest + properties: + clusterSelector: + description: |- + ClusterSelector identifies clusters where permissions requestes + in this instance will be granted (Deprecated use selector instead) + type: string + expirationSeconds: + description: |- + ExpirationSeconds is the requested duration of validity of the TokenRequest + associated to ServiceAccount. 
If not specified, default value is used + format: int64 + type: integer + roleRefs: + description: |- + RoleRefs references all the Secret/ConfigMaps containing kubernetes + Roles/ClusterRoles that need to be deployed in the matching clusters. + items: + description: |- + PolicyRef specifies a resource containing one or more policy + to deploy in matching Clusters. + properties: + kind: + description: 'Kind of the resource. Supported kinds are: Secrets + and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the referenced resource. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + Namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. + type: string + required: + - kind + - name + - namespace + type: object + type: array + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount representing a tenant admin for which + those permissions are requested + type: string + serviceAccountNamespace: + description: |- + ServiceAccountNamespace is the name of the ServiceAccount representing a tenant admin + for which those permissions are requested + type: string + required: + - clusterSelector + - serviceAccountName + - serviceAccountNamespace + type: object + status: + description: RoleRequestStatus defines the status of RoleRequest + properties: + clusterInfo: + description: |- + ClusterInfo represents the hash of the ClusterRoles/Roles deployed in + a matching cluster for the admin. + items: + properties: + cluster: + description: Cluster references the Cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + failureMessage: + description: FailureMessage provides more information about + the error. + type: string + hash: + description: |- + Hash represents the hash of the Classifier currently deployed + in the Cluster + format: byte + type: string + status: + description: Status represents the state of the feature in the + workload cluster + enum: + - Provisioning + - Provisioned + - Failed + - Removing + - Removed + type: string + required: + - cluster + - hash + type: object + type: array + failureMessage: + description: FailureMessage provides more information if an error + occurs. 
+ type: string + matchingClusters: + description: |- + MatchingClusterRefs reference all the cluster currently matching + RoleRequest ClusterSelector + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: RoleRequest is the Schema for the rolerequest API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: RoleRequestSpec defines the desired state of RoleRequest + properties: + clusterSelector: + description: Selector identifies clusters to associate to. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. 
If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + expirationSeconds: + description: |- + ExpirationSeconds is the requested duration of validity of the TokenRequest + associated to ServiceAccount. If not specified, default value is used + format: int64 + type: integer + roleRefs: + description: |- + RoleRefs references all the Secret/ConfigMaps containing kubernetes + Roles/ClusterRoles that need to be deployed in the matching clusters. + items: + description: |- + PolicyRef specifies a resource containing one or more policy + to deploy in matching Clusters. + properties: + kind: + description: 'Kind of the resource. Supported kinds are: Secrets + and ConfigMaps.' + enum: + - Secret + - ConfigMap + type: string + name: + description: Name of the referenced resource. + minLength: 1 + type: string + namespace: + description: |- + Namespace of the referenced resource. + Namespace can be left empty. In such a case, namespace will + be implicit set to cluster's namespace. 
+ type: string + required: + - kind + - name + - namespace + type: object + type: array + serviceAccountName: + description: |- + ServiceAccountName is the name of the ServiceAccount representing a tenant admin for which + those permissions are requested + type: string + serviceAccountNamespace: + description: |- + ServiceAccountNamespace is the name of the ServiceAccount representing a tenant admin + for which those permissions are requested + type: string + required: + - serviceAccountName + - serviceAccountNamespace + type: object + status: + description: RoleRequestStatus defines the status of RoleRequest + properties: + clusterInfo: + description: |- + ClusterInfo represents the hash of the ClusterRoles/Roles deployed in + a matching cluster for the admin. + items: + properties: + cluster: + description: Cluster references the Cluster + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + failureMessage: + description: FailureMessage provides more information about + the error. + type: string + hash: + description: |- + Hash represents the hash of the Classifier currently deployed + in the Cluster + format: byte + type: string + status: + description: Status represents the state of the feature in the + workload cluster + enum: + - Provisioning + - Provisioned + - Failed + - Removing + - Removed + type: string + required: + - cluster + - hash + type: object + type: array + failureMessage: + description: FailureMessage provides more information if an error + occurs. + type: string + matchingClusters: + description: |- + MatchingClusterRefs reference all the cluster currently matching + RoleRequest ClusterSelector + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/templates/projectsveltos/crds/set-crd.yaml b/templates/projectsveltos/crds/set-crd.yaml new file mode 100644 index 000000000..517b4530c --- /dev/null +++ b/templates/projectsveltos/crds/set-crd.yaml 
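Review bot: The `spec.conversion.webhook.clientConfig.service` block and the `cert-manager.io/inject-ca-from` annotation at the top of this CRD hard-code the namespace `projectsveltos`, while the same commit passes `targetNamespace` as a provider config value in api/v1alpha1/common.go. If this directory is consumed as a Helm `crds/` folder (it looks like one, but the chart is not visible here), the manifest is applied untemplated, so a release installed into any other namespace would leave the API server calling a conversion endpoint and trusting a CA that the release does not own; with v1alpha1 served and v1beta1 as the storage version, RoleRequest reads and writes would then fail or depend on a service outside the release's control. set-crd.yaml in the next hunk carries the same two settings. Since the manifest is generated, I would document the constraint rather than edit it, with a header comment such as `# Conversion webhook and CA injection assume the release namespace is "projectsveltos"; keep targetNamespace at its default.`, and confirm cert-manager is a declared prerequisite of the template.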
@@ -0,0 +1,444 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + cert-manager.io/inject-ca-from: projectsveltos/projectsveltos-serving-cert + controller-gen.kubebuilder.io/version: v0.16.1 + name: sets.lib.projectsveltos.io +spec: + conversion: + strategy: Webhook + webhook: + clientConfig: + service: + name: webhook-service + namespace: projectsveltos + path: /convert + conversionReviewVersions: + - v1 + group: lib.projectsveltos.io + names: + kind: Set + listKind: SetList + plural: sets + singular: set + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: Set is the Schema for the sets API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + clusterRefs: + description: ClusterRefs identifies clusters to associate to. + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. 
+ For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + clusterSelector: + description: ClusterSelector identifies clusters to associate to (Deprecated + use selector instead). + type: string + maxReplicas: + description: |- + MaxReplicas specifies the maximum number of clusters to be selected + from the pool matching the clusterSelector. 
+ type: integer + type: object + status: + description: Status defines the observed state of ClusterSet/Set + properties: + matchingClusterRefs: + description: |- + MatchingClusterRefs reference all the clusters currently matching + ClusterSet/Set ClusterSelector + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + selectedClusterRefs: + description: |- + SelectedClusters reference all the cluster currently selected among + all the ones matching + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + type: object + type: object + served: true + storage: false + subresources: + status: {} + - name: v1beta1 + schema: + openAPIV3Schema: + description: Set is the Schema for the sets API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + clusterRefs: + description: ClusterRefs identifies clusters to associate to. + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). 
This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + clusterSelector: + description: ClusterSelector identifies clusters to associate to + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. + type: string + values: + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic + merge patch. 
+ items: + type: string + type: array + x-kubernetes-list-type: atomic + required: + - key + - operator + type: object + type: array + x-kubernetes-list-type: atomic + matchLabels: + additionalProperties: + type: string + description: |- + matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + maxReplicas: + description: |- + MaxReplicas specifies the maximum number of clusters to be selected + from the pool matching the clusterSelector. + type: integer + type: object + status: + description: Status defines the observed state of ClusterSet/Set + properties: + matchingClusterRefs: + description: |- + MatchingClusterRefs reference all the clusters currently matching + ClusterSet/Set ClusterSelector + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + selectedClusterRefs: + description: |- + SelectedClusters reference all the cluster currently selected among + all the ones matching + items: + description: ObjectReference contains enough information to let + you inspect or modify the referred object. + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: |- + If referring to a piece of an object instead of an entire object, this string + should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container within a pod, this would take on a value like: + "spec.containers{name}" (where "name" refers to the name of the container that triggered + the event) or if no container name is specified "spec.containers[2]" (container with + index 2 in this pod). This syntax is chosen only to have some well-defined way of + referencing a part of an object. + type: string + kind: + description: |- + Kind of the referent. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + name: + description: |- + Name of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + namespace: + description: |- + Namespace of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/ + type: string + resourceVersion: + description: |- + Specific resourceVersion to which this reference is made, if any. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency + type: string + uid: + description: |- + UID of the referent. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids + type: string + type: object + x-kubernetes-map-type: atomic + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/templates/projectsveltos/crds/sveltoscluster-crd.yaml b/templates/projectsveltos/crds/sveltoscluster-crd.yaml new file mode 100644 index 000000000..57ca16667 --- /dev/null +++ b/templates/projectsveltos/crds/sveltoscluster-crd.yaml 
@@ -0,0 +1,291 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.1 + name: sveltosclusters.lib.projectsveltos.io +spec: + group: lib.projectsveltos.io + names: + kind: SveltosCluster + listKind: SveltosClusterList + plural: sveltosclusters + singular: sveltoscluster + scope: Namespaced + versions: + - additionalPrinterColumns: + - description: Indicates whether cluster is ready to be managed by sveltos + jsonPath: .status.ready + name: Ready + type: boolean + - description: Kubernetes version associated with this Cluster + jsonPath: .status.version + name: Version + type: string + name: v1alpha1 + schema: + openAPIV3Schema: + description: SveltosCluster is the Schema for the SveltosCluster API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SveltosClusterSpec defines the desired state of SveltosCluster + properties: + activeWindow: + description: |- + ActiveWindow is an optional field for automatically pausing and unpausing + the cluster. + If not specified, the cluster will not be paused or unpaused automatically. + properties: + from: + description: |- + From in Cron format, see https://en.wikipedia.org/wiki/Cron. 
+ Indicates when to un-pause the cluster (cluster in paused state receives no update from sveltos). + minLength: 1 + type: string + to: + description: |- + To in Cron format, see https://en.wikipedia.org/Cron. + Indicates when to pause the cluster (cluster in paused state receives no update from sveltos). + minLength: 1 + type: string + required: + - from + - to + type: object + consecutiveFailureThreshold: + default: 3 + description: |- + ConsecutiveFailureThreshold is the maximum number of consecutive connection + failures before setting the problem status in Status.ConnectionStatus + type: integer + data: + additionalProperties: + type: string + description: ArbitraryData allows for arbitrary nested structures + type: object + kubeconfigName: + description: |- + KubeconfigName allows overriding the default Sveltos convention which expected a valid kubeconfig + to be hosted in a secret with the pattern ${sveltosClusterName}-sveltos-kubeconfig. + + When a value is specified, the referenced Kubernetes Secret object must exist, + and will be used to connect to the Kubernetes cluster. + type: string + paused: + description: |- + Paused can be used to prevent controllers from processing the + SveltosCluster and all its associated objects. + type: boolean + tokenRequestRenewalOption: + description: TokenRequestRenewalOption contains options describing + how to renew TokenRequest + properties: + renewTokenRequestInterval: + description: RenewTokenRequestInterval is the interval at which + to renew the TokenRequest + type: string + required: + - renewTokenRequestInterval + type: object + type: object + status: + description: SveltosClusterStatus defines the status of SveltosCluster + properties: + connectionFailures: + description: |- + connectionFailures is the number of consecutive failed attempts to connect + to the remote cluster. 
+ type: integer + connectionStatus: + description: |- + ConnectionStatus indicates whether connection from the management cluster + to the managed cluster is healthy + enum: + - Healthy + - Down + type: string + failureMessage: + description: |- + FailureMessage is a human consumable message explaining the + misconfiguration + type: string + lastReconciledTokenRequestAt: + description: |- + LastReconciledTokenRequestAt is the last time the TokenRequest + was renewed. + type: string + nextPause: + description: Information when next pause cluster is scheduled + format: date-time + type: string + nextUnpause: + description: Information when next unpause cluster is scheduled + format: date-time + type: string + ready: + description: Ready is the state of the cluster. + type: boolean + version: + description: The Kubernetes version of the cluster. + type: string + type: object + type: object + served: true + storage: false + subresources: + status: {} + - additionalPrinterColumns: + - description: Indicates whether cluster is ready to be managed by sveltos + jsonPath: .status.ready + name: Ready + type: boolean + - description: Kubernetes version associated with this Cluster + jsonPath: .status.version + name: Version + type: string + name: v1beta1 + schema: + openAPIV3Schema: + description: SveltosCluster is the Schema for the SveltosCluster API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. 
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: SveltosClusterSpec defines the desired state of SveltosCluster + properties: + activeWindow: + description: |- + ActiveWindow is an optional field for automatically pausing and unpausing + the cluster. + If not specified, the cluster will not be paused or unpaused automatically. + properties: + from: + description: |- + From in Cron format, see https://en.wikipedia.org/wiki/Cron. + Indicates when to un-pause the cluster (cluster in paused state receives no update from sveltos). + minLength: 1 + type: string + to: + description: |- + To in Cron format, see https://en.wikipedia.org/Cron. + Indicates when to pause the cluster (cluster in paused state receives no update from sveltos). + minLength: 1 + type: string + required: + - from + - to + type: object + consecutiveFailureThreshold: + default: 3 + description: |- + ConsecutiveFailureThreshold is the maximum number of consecutive connection + failures before setting the problem status in Status.ConnectionStatus + type: integer + data: + additionalProperties: + type: string + description: ArbitraryData allows for arbitrary nested structures + type: object + kubeconfigName: + description: |- + KubeconfigName allows overriding the default Sveltos convention which expected a valid kubeconfig + to be hosted in a secret with the pattern ${sveltosClusterName}-sveltos-kubeconfig. + + When a value is specified, the referenced Kubernetes Secret object must exist, + and will be used to connect to the Kubernetes cluster. + type: string + paused: + description: |- + Paused can be used to prevent controllers from processing the + SveltosCluster and all its associated objects. 
+ type: boolean + tokenRequestRenewalOption: + description: TokenRequestRenewalOption contains options describing + how to renew TokenRequest + properties: + renewTokenRequestInterval: + description: RenewTokenRequestInterval is the interval at which + to renew the TokenRequest + type: string + required: + - renewTokenRequestInterval + type: object + type: object + status: + description: SveltosClusterStatus defines the status of SveltosCluster + properties: + connectionFailures: + description: |- + connectionFailures is the number of consecutive failed attempts to connect + to the remote cluster. + type: integer + connectionStatus: + description: |- + ConnectionStatus indicates whether connection from the management cluster + to the managed cluster is healthy + enum: + - Healthy + - Down + type: string + failureMessage: + description: |- + FailureMessage is a human consumable message explaining the + misconfiguration + type: string + lastReconciledTokenRequestAt: + description: |- + LastReconciledTokenRequestAt is the last time the TokenRequest + was renewed. + type: string + nextPause: + description: Information when next pause cluster is scheduled + format: date-time + type: string + nextUnpause: + description: Information when next unpause cluster is scheduled + format: date-time + type: string + ready: + description: Ready is the state of the cluster. + type: boolean + version: + description: The Kubernetes version of the cluster. + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/templates/projectsveltos/templates/_helpers.tpl b/templates/projectsveltos/templates/_helpers.tpl new file mode 100644 index 000000000..c3541a170 --- /dev/null +++ b/templates/projectsveltos/templates/_helpers.tpl 
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "projectsveltos.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "projectsveltos.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "projectsveltos.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "projectsveltos.labels" -}}
+helm.sh/chart: {{ include "projectsveltos.chart" . }}
+{{ include "projectsveltos.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "projectsveltos.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "projectsveltos.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "projectsveltos.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "projectsveltos.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/templates/projectsveltos/templates/access-manager-rbac.yaml b/templates/projectsveltos/templates/access-manager-rbac.yaml
new file mode 100644
index 000000000..459c56f38
--- /dev/null
+++ b/templates/projectsveltos/templates/access-manager-rbac.yaml
@@ -0,0 +1,145 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: access-manager-role
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ - serviceaccounts
+ - serviceaccounts/token
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ - clusters/status
+ - machines
+ - machines/status
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - accessrequests
+ verbs:
+ - get
+ - list
+ - patch
+ - watch
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - accessrequests/finalizers
+ - rolerequests/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - accessrequests/status
+ - rolerequests/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - classifierreports
+ - eventreports
+ - healthcheckreports
+ verbs:
+ - create
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - debuggingconfigurations
+ - sveltosclusters
+ - sveltosclusters/status
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - rolerequests
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - rbac.authorization.k8s.io
+ resources:
+ - rolebindings
+ - roles
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - update
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: access-manager-rolebinding
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: 'access-manager-role'
+subjects:
+- kind: ServiceAccount
+ name: 'access-manager'
+ namespace: '{{ .Release.Namespace }}'
\ No newline at end of file
diff --git a/templates/projectsveltos/templates/addon-clusterconfiguration-editor-rbac.yaml b/templates/projectsveltos/templates/addon-clusterconfiguration-editor-rbac.yaml
new file mode 100644
index 000000000..5ce88544f
--- /dev/null
+++ b/templates/projectsveltos/templates/addon-clusterconfiguration-editor-rbac.yaml
@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: addon-clusterconfiguration-editor-role
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - clusterconfigurations
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - clusterconfigurations/status
+ verbs:
+ - get
\ No newline at end of file
diff --git a/templates/projectsveltos/templates/addon-clusterconfiguration-viewer-rbac.yaml b/templates/projectsveltos/templates/addon-clusterconfiguration-viewer-rbac.yaml
new file mode 100644
index 000000000..162e3c59f
--- /dev/null
+++ b/templates/projectsveltos/templates/addon-clusterconfiguration-viewer-rbac.yaml
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: addon-clusterconfiguration-viewer-role
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - clusterconfigurations
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - clusterconfigurations/status
+ verbs:
+ - get
\ No newline at end of file
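Review bot: The second rule of `access-manager-role` (access-manager-rbac.yaml) grants create/delete/get/list/update/watch on `secrets`, `serviceaccounts` and `serviceaccounts/token` in every namespace, and the last rule gives the same verbs on `roles` and `rolebindings`; the ClusterRoleBinding at the end of that hunk hands all of it to the `access-manager` ServiceAccount. An account that can read every Secret and request a token for any ServiceAccount can act as any workload identity in the cluster, so this binding needs an explicit justification. If the controller only works in namespaces it owns, a namespaced Role and RoleBinding per namespace would contain it; if the breadth is taken unchanged from the upstream chart, a comment at the top of the file such as `# Rules mirrored from upstream <CHART_VERSION>; do not widen` would tell reviewers that. `addon-controller-role` and `classifier-manager-role`, added later in this commit, also receive cluster-wide get/list/watch on `secrets`.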
diff --git a/templates/projectsveltos/templates/addon-clusterprofile-editor-rbac.yaml b/templates/projectsveltos/templates/addon-clusterprofile-editor-rbac.yaml
new file mode 100644
index 000000000..f40f438ba
--- /dev/null
+++ b/templates/projectsveltos/templates/addon-clusterprofile-editor-rbac.yaml
@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: addon-clusterprofile-editor-role
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - clusterprofiles
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - clusterprofiles/status
+ verbs:
+ - get
\ No newline at end of file
diff --git a/templates/projectsveltos/templates/addon-clusterprofile-viewer-rbac.yaml b/templates/projectsveltos/templates/addon-clusterprofile-viewer-rbac.yaml
new file mode 100644
index 000000000..08441105b
--- /dev/null
+++ b/templates/projectsveltos/templates/addon-clusterprofile-viewer-rbac.yaml
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: addon-clusterprofile-viewer-role
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - clusterprofiles
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - clusterprofiles/status
+ verbs:
+ - get
\ No newline at end of file
diff --git a/templates/projectsveltos/templates/addon-clusterreport-editor-rbac.yaml b/templates/projectsveltos/templates/addon-clusterreport-editor-rbac.yaml
new file mode 100644
index 000000000..a3fdb4f90
--- /dev/null
+++ b/templates/projectsveltos/templates/addon-clusterreport-editor-rbac.yaml
@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: addon-clusterreport-editor-role
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - clusterreports
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - clusterreports/status
+ verbs:
+ - get
\ No newline at end of file
diff --git a/templates/projectsveltos/templates/addon-clusterreport-viewer-rbac.yaml b/templates/projectsveltos/templates/addon-clusterreport-viewer-rbac.yaml
new file mode 100644
index 000000000..e88ec8fcb
--- /dev/null
+++ b/templates/projectsveltos/templates/addon-clusterreport-viewer-rbac.yaml
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: addon-clusterreport-viewer-role
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - clusterreports
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - clusterreports/status
+ verbs:
+ - get
\ No newline at end of file
diff --git a/templates/projectsveltos/templates/addon-clustersummary-editor-rbac.yaml b/templates/projectsveltos/templates/addon-clustersummary-editor-rbac.yaml
new file mode 100644
index 000000000..7673385c8
--- /dev/null
+++ b/templates/projectsveltos/templates/addon-clustersummary-editor-rbac.yaml
@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: addon-clustersummary-editor-role
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - clustersummaries
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - clustersummaries/status
+ verbs:
+ - get
\ No newline at end of file
diff --git a/templates/projectsveltos/templates/addon-clustersummary-viewer-rbac.yaml b/templates/projectsveltos/templates/addon-clustersummary-viewer-rbac.yaml
new file mode 100644
index 000000000..849b6ee75
--- /dev/null
+++ b/templates/projectsveltos/templates/addon-clustersummary-viewer-rbac.yaml
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: addon-clustersummary-viewer-role
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - clustersummaries
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - clustersummaries/status
+ verbs:
+ - get
\ No newline at end of file
diff --git a/templates/projectsveltos/templates/addon-controller-rbac.yaml b/templates/projectsveltos/templates/addon-controller-rbac.yaml
new file mode 100644
index 000000000..948fe1a9b
--- /dev/null
+++ b/templates/projectsveltos/templates/addon-controller-rbac.yaml
@@ -0,0 +1,211 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: addon-controller-role
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - '*'
+ resources:
+ - '*'
+ verbs:
+ - get
+ - impersonate
+ - list
+ - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ - clusters/status
+ - machines
+ - machines/status
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - clusterconfigurations
+ - clusterreports
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - clusterconfigurations/status
+ - clusterreports/status
+ verbs:
+ - get
+ - list
+ - update
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - clusterprofiles
+ - profiles
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - clusterprofiles/finalizers
+ - clustersummaries/finalizers
+ - profiles/finalizers
+ verbs:
+ - patch
+ - update
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - clusterprofiles/status
+ - clustersummaries/status
+ - profiles/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - clustersummaries
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - controlplane.cluster.x-k8s.io
+ resources:
+ - kubeadmcontrolplanes
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - extension.projectsveltos.io
+ resources:
+ - jsonnetsources
+ - yttsources
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - infrastructure.cluster.x-k8s.io
+ resources:
+ - '*'
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - clustersets
+ - sets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - clustersets/finalizers
+ - sets/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - clustersets/status
+ - sets/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - debuggingconfigurations
+ - sveltosclusters
+ - sveltosclusters/status
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - source.toolkit.fluxcd.io
+ resources:
+ - buckets
+ - buckets/status
+ - gitrepositories
+ - gitrepositories/status
+ - ocirepositories
+ - ocirepositories/status
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: addon-controller-rolebinding
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: 'addon-controller-role'
+subjects:
+- kind: ServiceAccount
+ name: 'addon-controller'
+ namespace: '{{ .Release.Namespace }}'
\ No newline at end of file
diff --git a/templates/projectsveltos/templates/addon-controller-role-dtm-in-mgmt-cluster-rbac.yaml b/templates/projectsveltos/templates/addon-controller-role-dtm-in-mgmt-cluster-rbac.yaml
new file mode 100644
index 000000000..489ad442b
--- /dev/null
+++ b/templates/projectsveltos/templates/addon-controller-role-dtm-in-mgmt-cluster-rbac.yaml
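Review bot: The second rule of `addon-controller-role` (addon-controller-rbac.yaml) pairs `apiGroups: '*'` and `resources: '*'` with the verbs `get`, `list`, `watch` and `impersonate`. Wildcard `impersonate` covers users, groups and service accounts, so the `addon-controller` ServiceAccount bound at the end of the hunk can act as any identity in the cluster, which makes the narrower rules that follow moot; the wildcard read also already includes every Secret, so the first rule adds nothing. If impersonation is needed (presumably for tenant-scoped deployments), give it its own rule limited to the identities the controller must assume, e.g. `apiGroups: [""]`, `resources: ["serviceaccounts"]`, `verbs: ["impersonate"]`, and keep the wildcard rule to `get`, `list`, `watch`. A comment above the rule stating why impersonation is required would help whoever audits this chart later.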
@@ -0,0 +1,21 @@
+{{ if .Values.agent.managementCluster }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: addon-controller-role-dtm-in-mgmt-cluster
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - '*'
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - '*'
+{{ end }}
diff --git a/templates/projectsveltos/templates/addon-controller-role-extra-rbac.yaml b/templates/projectsveltos/templates/addon-controller-role-extra-rbac.yaml
new file mode 100644
index 000000000..576d9748c
--- /dev/null
+++ b/templates/projectsveltos/templates/addon-controller-role-extra-rbac.yaml
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: addon-controller-role-extra
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - create
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: addon-controller-role-extra
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules: null
\ No newline at end of file
diff --git a/templates/projectsveltos/templates/addon-controller-rolebinding-extra-rbac.yaml b/templates/projectsveltos/templates/addon-controller-rolebinding-extra-rbac.yaml
new file mode 100644
index 000000000..1c103b736
--- /dev/null
+++ b/templates/projectsveltos/templates/addon-controller-rolebinding-extra-rbac.yaml
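Review bot: Both rules of `addon-controller-role-dtm-in-mgmt-cluster` use `verbs: ['*']`, on `services` and on `deployments`. Unrestricted write access to Deployments lets the holder run pods under any ServiceAccount in the namespace the Role lives in (presumably the release namespace, where `access-manager` and `classifier-manager` also run), so the grant reaches further than the resource list suggests. Spelling out the verbs the controller uses, for example `create`, `delete`, `get`, `list`, `patch`, `update`, `watch`, keeps verbs added to the API later out of the grant and makes the intent reviewable. `classifier-role-sveltos-agent-in-mgmt-cluster`, added further down in this commit, has the same two wildcard rules.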
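Review bot: The `addon-controller-role-extra` ClusterRole in addon-controller-role-extra-rbac.yaml is created with `rules: null`, and the next file in this commit binds it to the `addon-controller` ServiceAccount, so it looks like an extension point rather than an oversight. A leading comment such as `# Intentionally empty: rules added here are granted cluster-wide to addon-controller` would make that explicit. Without it, anyone allowed to edit this ClusterRole can widen the controller's permissions without touching the binding, and nothing in the file signals that.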
@@ -0,0 +1,29 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: addon-controller-rolebinding-extra
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: 'addon-controller-role-extra'
+subjects:
+- kind: ServiceAccount
+ name: 'addon-controller'
+ namespace: '{{ .Release.Namespace }}'
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: addon-controller-rolebinding-extra
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: 'addon-controller-role-extra'
+subjects:
+- kind: ServiceAccount
+ name: 'addon-controller'
+ namespace: '{{ .Release.Namespace }}'
\ No newline at end of file
diff --git a/templates/projectsveltos/templates/addon-controller-rolebinging-dtm-in-mgmt-cluster-rbac.yaml b/templates/projectsveltos/templates/addon-controller-rolebinging-dtm-in-mgmt-cluster-rbac.yaml
new file mode 100644
index 000000000..f1459c882
--- /dev/null
+++ b/templates/projectsveltos/templates/addon-controller-rolebinging-dtm-in-mgmt-cluster-rbac.yaml
@@ -0,0 +1,16 @@
+{{ if .Values.agent.managementCluster }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: addon-controller-rolebinging-dtm-in-mgmt-cluster
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: 'addon-controller-role-dtm-in-mgmt-cluster'
+subjects:
+- kind: ServiceAccount
+ name: 'addon-controller'
+ namespace: '{{ .Release.Namespace }}'
+{{ end }}
diff --git a/templates/projectsveltos/templates/addon-profile-editor-rbac.yaml b/templates/projectsveltos/templates/addon-profile-editor-rbac.yaml
new file mode 100644
index 000000000..7e06c5781
--- /dev/null
+++ b/templates/projectsveltos/templates/addon-profile-editor-rbac.yaml
@@ -0,0 +1,28 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: addon-profile-editor-role
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: addon-controller
+ app.kubernetes.io/part-of: addon-controller
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - profiles
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - profiles/status
+ verbs:
+ - get
\ No newline at end of file
diff --git a/templates/projectsveltos/templates/addon-profile-viewer-rbac.yaml b/templates/projectsveltos/templates/addon-profile-viewer-rbac.yaml
new file mode 100644
index 000000000..c6a617b1e
--- /dev/null
+++ b/templates/projectsveltos/templates/addon-profile-viewer-rbac.yaml
@@ -0,0 +1,24 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: addon-profile-viewer-role
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: addon-controller
+ app.kubernetes.io/part-of: addon-controller
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - profiles
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - config.projectsveltos.io
+ resources:
+ - profiles/status
+ verbs:
+ - get
\ No newline at end of file
diff --git a/templates/projectsveltos/templates/classifier-manager-rbac.yaml b/templates/projectsveltos/templates/classifier-manager-rbac.yaml
new file mode 100644
index 000000000..b3a5337c3
--- /dev/null
+++ b/templates/projectsveltos/templates/classifier-manager-rbac.yaml
@@ -0,0 +1,126 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: classifier-manager-role
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters/status
+ - machines
+ - machines/status
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - accessrequests
+ - classifiers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - classifierreports
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - classifiers/finalizers
+ verbs:
+ - update
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - classifiers/status
+ verbs:
+ - get
+ - patch
+ - update
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - debuggingconfigurations
+ - sveltosclusters/status
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - sveltosclusters
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: classifier-manager-rolebinding
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: 'classifier-manager-role'
+subjects:
+- kind: ServiceAccount
+ name: 'classifier-manager'
+ namespace: '{{ .Release.Namespace }}'
\ No newline at end of file
diff --git a/templates/projectsveltos/templates/classifier-role-sveltos-agent-in-mgmt-cluster-rbac.yaml b/templates/projectsveltos/templates/classifier-role-sveltos-agent-in-mgmt-cluster-rbac.yaml
new file mode 100644
index 000000000..5b99ad2a2
--- /dev/null
+++ b/templates/projectsveltos/templates/classifier-role-sveltos-agent-in-mgmt-cluster-rbac.yaml
@@ -0,0 +1,21 @@
+{{ if .Values.agent.managementCluster }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: classifier-role-sveltos-agent-in-mgmt-cluster
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - services
+ verbs:
+ - '*'
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - '*'
+{{ end }}
diff --git a/templates/projectsveltos/templates/classifier-rolebinding-sveltos-agent-in-mgmt-cluster-rbac.yaml b/templates/projectsveltos/templates/classifier-rolebinding-sveltos-agent-in-mgmt-cluster-rbac.yaml
new file mode 100644
index 000000000..63f622e52
--- /dev/null
+++ b/templates/projectsveltos/templates/classifier-rolebinding-sveltos-agent-in-mgmt-cluster-rbac.yaml
@@ -0,0 +1,16 @@
+{{ if .Values.agent.managementCluster }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: classifier-rolebinding-sveltos-agent-in-mgmt-cluster
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: 'classifier-role-sveltos-agent-in-mgmt-cluster'
+subjects:
+- kind: ServiceAccount
+ name: 'classifier-manager'
+ namespace: '{{ .Release.Namespace }}'
+{{ end }}
diff --git a/templates/projectsveltos/templates/default-classifier.yaml b/templates/projectsveltos/templates/default-classifier.yaml
new file mode 100644
index 000000000..f73eff4c8
--- /dev/null
+++ b/templates/projectsveltos/templates/default-classifier.yaml
@@ -0,0 +1,14 @@
+apiVersion: lib.projectsveltos.io/v1beta1
+kind: Classifier
+metadata:
+ name: default-classifier
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": "post-install,post-upgrade"
+ "helm.sh/hook-weight": "5"
+ "helm.sh/hook-delete-policy": "hook-failed"
+spec:
+ classifierLabels:
+ - key: sveltos-agent
+ value: present
diff --git a/templates/projectsveltos/templates/deployment.yaml b/templates/projectsveltos/templates/deployment.yaml
new file mode 100644
index 000000000..70ac3f1ee
--- /dev/null
+++ b/templates/projectsveltos/templates/deployment.yaml
@@ -0,0 +1,658 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: addon-controller + labels: + {{- include "projectsveltos.labels" . | nindent 4 }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: addon-controller + labels: + control-plane: addon-controller + {{- include "projectsveltos.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.addonController.replicas }} + selector: + matchLabels: + control-plane: addon-controller + {{- include "projectsveltos.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + control-plane: addon-controller + {{- include "projectsveltos.selectorLabels" . | nindent 8 }} + annotations: + kubectl.kubernetes.io/default-container: controller + spec: + {{- with .Values.addonController.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.addonController.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: +{{ if .Values.agent.managementCluster }} + - args: {{- toYaml .Values.addonController.controller.argsAgentMgmtCluster | nindent 8 }} +{{ else }} + - args: {{- toYaml .Values.addonController.controller.args | nindent 8 }} +{{ end }} + command: + - /manager + env: + - name: KUBERNETES_CLUSTER_DOMAIN + value: {{ quote .Values.kubernetesClusterDomain }} + image: {{ .Values.addonController.controller.image.repository }}:{{ .Values.addonController.controller.image.tag + | default .Chart.AppVersion }} + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: healthz + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 20 + name: controller + ports: + - containerPort: 8443 + name: metrics + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: healthz + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + resources: {{- toYaml .Values.addonController.controller.resources | nindent 10 + }} + securityContext: {{- 
toYaml .Values.addonController.controller.containerSecurityContext + | nindent 10 }} + volumeMounts: + - mountPath: /tmp + name: tmp + securityContext: + runAsNonRoot: true + serviceAccountName: addon-controller + terminationGracePeriodSeconds: 10 + volumes: + - emptyDir: {} + name: tmp +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: access-manager + labels: + {{- include "projectsveltos.labels" . | nindent 4 }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: access-manager + labels: + control-plane: access-manager + {{- include "projectsveltos.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.accessManager.replicas }} + selector: + matchLabels: + control-plane: access-manager + {{- include "projectsveltos.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + control-plane: access-manager + {{- include "projectsveltos.selectorLabels" . | nindent 8 }} + annotations: + kubectl.kubernetes.io/default-container: manager + spec: + {{- with .Values.accessManager.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.accessManager.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} + containers: + - args: {{- toYaml .Values.accessManager.manager.args | nindent 8 }} + command: + - /manager + env: + - name: KUBERNETES_CLUSTER_DOMAIN + value: {{ quote .Values.kubernetesClusterDomain }} + image: {{ .Values.accessManager.manager.image.repository }}:{{ .Values.accessManager.manager.image.tag + | default .Chart.AppVersion }} + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: healthz + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 8443 + name: metrics + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: healthz + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + resources: {{- toYaml .Values.accessManager.manager.resources | nindent 10 }} + securityContext: {{- toYaml .Values.accessManager.manager.containerSecurityContext + | nindent 10 }} + securityContext: + runAsNonRoot: true + serviceAccountName: access-manager + terminationGracePeriodSeconds: 10 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: sc-manager + labels: + {{- include "projectsveltos.labels" . | nindent 4 }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: sc-manager + labels: + control-plane: sc-manager + {{- include "projectsveltos.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.scManager.replicas }} + selector: + matchLabels: + control-plane: sc-manager + {{- include "projectsveltos.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + control-plane: sc-manager + {{- include "projectsveltos.selectorLabels" . | nindent 8 }} + annotations: + kubectl.kubernetes.io/default-container: manager + spec: + {{- with .Values.scManager.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.scManager.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} + containers: + - args: {{- toYaml .Values.scManager.manager.args | nindent 8 }} + command: + - /manager + env: + - name: KUBERNETES_CLUSTER_DOMAIN + value: {{ quote .Values.kubernetesClusterDomain }} + image: {{ .Values.scManager.manager.image.repository }}:{{ .Values.scManager.manager.image.tag + | default .Chart.AppVersion }} + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: healthz + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 8443 + name: metrics + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: healthz + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + resources: {{- toYaml .Values.scManager.manager.resources | nindent 10 }} + securityContext: {{- toYaml .Values.scManager.manager.containerSecurityContext + | nindent 10 }} + securityContext: + runAsNonRoot: true + serviceAccountName: sc-manager + terminationGracePeriodSeconds: 10 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: hc-manager + labels: + {{- include "projectsveltos.labels" . | nindent 4 }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: hc-manager + labels: + control-plane: hc-manager + {{- include "projectsveltos.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.hcManager.replicas }} + selector: + matchLabels: + control-plane: hc-manager + {{- include "projectsveltos.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + control-plane: hc-manager + {{- include "projectsveltos.selectorLabels" . | nindent 8 }} + annotations: + kubectl.kubernetes.io/default-container: manager + spec: + {{- with .Values.hcManager.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.hcManager.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} + containers: + - args: {{- toYaml .Values.hcManager.manager.args | nindent 8 }} + command: + - /manager + env: + - name: KUBERNETES_CLUSTER_DOMAIN + value: {{ quote .Values.kubernetesClusterDomain }} + image: {{ .Values.hcManager.manager.image.repository }}:{{ .Values.hcManager.manager.image.tag + | default .Chart.AppVersion }} + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: healthz + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 8443 + name: metrics + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: healthz + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + resources: {{- toYaml .Values.hcManager.manager.resources | nindent 10 }} + securityContext: {{- toYaml .Values.hcManager.manager.containerSecurityContext + | nindent 10 }} + securityContext: + runAsNonRoot: true + serviceAccountName: hc-manager + terminationGracePeriodSeconds: 10 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: event-manager + labels: + {{- include "projectsveltos.labels" . | nindent 4 }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: event-manager + labels: + control-plane: event-manager + {{- include "projectsveltos.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.eventManager.replicas }} + selector: + matchLabels: + control-plane: event-manager + {{- include "projectsveltos.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + control-plane: event-manager + {{- include "projectsveltos.selectorLabels" . | nindent 8 }} + annotations: + kubectl.kubernetes.io/default-container: manager + spec: + {{- with .Values.eventManager.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.eventManager.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} + containers: + - args: {{- toYaml .Values.eventManager.manager.args | nindent 8 }} + command: + - /manager + env: + - name: KUBERNETES_CLUSTER_DOMAIN + value: {{ quote .Values.kubernetesClusterDomain }} + image: {{ .Values.eventManager.manager.image.repository }}:{{ .Values.eventManager.manager.image.tag + | default .Chart.AppVersion }} + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: healthz + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 8443 + name: metrics + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: healthz + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + resources: {{- toYaml .Values.eventManager.manager.resources | nindent 10 }} + securityContext: {{- toYaml .Values.eventManager.manager.containerSecurityContext + | nindent 10 }} + securityContext: + runAsNonRoot: true + serviceAccountName: event-manager + terminationGracePeriodSeconds: 10 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: classifier-manager + labels: + {{- include "projectsveltos.labels" . | nindent 4 }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: classifier-manager + labels: + control-plane: classifier + {{- include "projectsveltos.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.classifierManager.replicas }} + selector: + matchLabels: + control-plane: classifier + {{- include "projectsveltos.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + control-plane: classifier + {{- include "projectsveltos.selectorLabels" . | nindent 8 }} + annotations: + kubectl.kubernetes.io/default-container: manager + spec: + {{- with .Values.classifierManager.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.classifierManager.nodeSelector }} + nodeSelector: + {{- toYaml . 
| nindent 8 }} + {{- end }} + containers: +{{ if .Values.agent.managementCluster }} + - args: {{- toYaml .Values.classifierManager.manager.argsAgentMgmtCluster | nindent 8 }} +{{ else }} + - args: {{- toYaml .Values.classifierManager.manager.args | nindent 8 }} +{{ end }} + command: + - /manager + env: + - name: KUBERNETES_CLUSTER_DOMAIN + value: {{ quote .Values.kubernetesClusterDomain }} + image: {{ .Values.classifierManager.manager.image.repository }}:{{ .Values.classifierManager.manager.image.tag + | default .Chart.AppVersion }} + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: healthz + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 8443 + name: metrics + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: healthz + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + resources: {{- toYaml .Values.classifierManager.manager.resources | nindent 10 + }} + securityContext: {{- toYaml .Values.classifierManager.manager.containerSecurityContext + | nindent 10 }} + securityContext: + runAsNonRoot: true + serviceAccountName: classifier-manager + terminationGracePeriodSeconds: 10 +--- +{{ if .Values.agent.managementCluster }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: sveltos-agent-manager + labels: + {{- include "projectsveltos.labels" . | nindent 4 }} +{{ end }} +--- +{{ if .Values.agent.managementCluster }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: drift-detection-manager + labels: + {{- include "projectsveltos.labels" . | nindent 4 }} +{{ end }} +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: shard-controller + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: shard-controller + app.kubernetes.io/part-of: shard-controller + {{- include "projectsveltos.labels" . 
| nindent 4 }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: shard-controller + labels: + control-plane: shard-controller + {{- include "projectsveltos.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.shardController.replicas }} + selector: + matchLabels: + control-plane: shard-controller + {{- include "projectsveltos.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + control-plane: shard-controller + {{- include "projectsveltos.selectorLabels" . | nindent 8 }} + annotations: + kubectl.kubernetes.io/default-container: manager + spec: + {{- with .Values.shardController.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.shardController.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + containers: +{{ if .Values.agent.managementCluster }} + - args: {{- toYaml .Values.shardController.manager.argsAgentMgmtCluster | nindent 8 }} +{{ else }} + - args: {{- toYaml .Values.shardController.manager.args | nindent 8 }} +{{ end }} + command: + - /manager + env: + - name: KUBERNETES_CLUSTER_DOMAIN + value: {{ quote .Values.kubernetesClusterDomain }} + image: {{ .Values.shardController.manager.image.repository }}:{{ .Values.shardController.manager.image.tag + | default .Chart.AppVersion }} + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: healthz + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 20 + name: manager + ports: + - containerPort: 8443 + name: metrics + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: healthz + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + resources: {{- toYaml .Values.shardController.manager.resources | nindent 10 }} + securityContext: {{- toYaml .Values.shardController.manager.containerSecurityContext + | nindent 10 }} + securityContext: + runAsNonRoot: true + serviceAccountName: shard-controller + 
terminationGracePeriodSeconds: 10 +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: register-mgmt-cluster + labels: + {{- include "projectsveltos.labels" . | nindent 4 }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: conversion-webhook + labels: + app: sveltos-webhook + {{- include "projectsveltos.labels" . | nindent 4 }} +spec: + replicas: {{ .Values.conversionWebhook.replicas }} + selector: + matchLabels: + app: sveltos-webhook + {{- include "projectsveltos.selectorLabels" . | nindent 6 }} + template: + metadata: + labels: + app: sveltos-webhook + {{- include "projectsveltos.selectorLabels" . | nindent 8 }} + annotations: + kubectl.kubernetes.io/default-container: sveltos-webhook + spec: + containers: + - command: + - /conversion-webhook + env: + - name: KUBERNETES_CLUSTER_DOMAIN + value: {{ quote .Values.kubernetesClusterDomain }} + image: {{ .Values.conversionWebhook.sveltosWebhook.image.repository }}:{{ .Values.conversionWebhook.sveltosWebhook.image.tag + | default .Chart.AppVersion }} + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: healthz + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 20 + name: sveltos-webhook + ports: + - containerPort: 9443 + name: webhook-server + protocol: TCP + - containerPort: 9440 + name: healthz + protocol: TCP + readinessProbe: + failureThreshold: 3 + httpGet: + path: /readyz + port: healthz + scheme: HTTP + initialDelaySeconds: 5 + periodSeconds: 10 + resources: {{- toYaml .Values.conversionWebhook.sveltosWebhook.resources | nindent + 10 }} + securityContext: {{- toYaml .Values.conversionWebhook.sveltosWebhook.containerSecurityContext + | nindent 10 }} + volumeMounts: + - mountPath: /tmp/k8s-webhook-server/serving-certs + name: cert + readOnly: true + securityContext: + runAsNonRoot: true + serviceAccountName: default + terminationGracePeriodSeconds: 10 + volumes: + - name: cert + secret: + defaultMode: 420 + secretName: webhook-server-cert + 
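Review bot: The conversion-webhook Deployment at the end of this file sets `serviceAccountName: default`, while every other Deployment in the file runs under a dedicated ServiceAccount. Any Role later bound to the namespace's default account would then be inherited by the webhook pod, which also mounts the `webhook-server-cert` secret. I would add a `conversion-webhook` ServiceAccount and reference it here, and, if the webhook makes no Kubernetes API calls (not visible from this hunk), set `automountServiceAccountToken: false` on the pod spec.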
diff --git a/templates/projectsveltos/templates/drift-detection-manager-rbac.yaml b/templates/projectsveltos/templates/drift-detection-manager-rbac.yaml
new file mode 100644
index 000000000..6726e6d14
--- /dev/null
+++ b/templates/projectsveltos/templates/drift-detection-manager-rbac.yaml
@@ -0,0 +1,48 @@
+{{ if .Values.agent.managementCluster }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: drift-detection-manager-role
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - sveltosclusters
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: drift-detection-manager-rolebinding
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: 'drift-detection-manager-role'
+subjects:
+- kind: ServiceAccount
+ name: 'drift-detection-manager'
+ namespace: '{{ .Release.Namespace }}'
+{{ end }}
diff --git a/templates/projectsveltos/templates/drift-detection-metrics-reader-rbac.yaml b/templates/projectsveltos/templates/drift-detection-metrics-reader-rbac.yaml
new file mode 100644
index 000000000..0bfbb5fe6
--- /dev/null
+++ b/templates/projectsveltos/templates/drift-detection-metrics-reader-rbac.yaml
@@ -0,0 +1,13 @@
+{{ if .Values.agent.managementCluster }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: drift-detection-metrics-reader
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- nonResourceURLs:
+ - /metrics
+ verbs:
+ - get
+{{ end }}
diff --git a/templates/projectsveltos/templates/drift-detection-proxy-rbac.yaml b/templates/projectsveltos/templates/drift-detection-proxy-rbac.yaml
new file mode 100644
index 000000000..825d128da
--- /dev/null
+++ b/templates/projectsveltos/templates/drift-detection-proxy-rbac.yaml
@@ -0,0 +1,36 @@
+{{ if .Values.agent.managementCluster }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: drift-detection-proxy-role
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: drift-detection-proxy-rolebinding
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: 'drift-detection-proxy-role'
+subjects:
+- kind: ServiceAccount
+ name: 'drift-detection-manager'
+ namespace: '{{ .Release.Namespace }}'
+{{ end }}
diff --git a/templates/projectsveltos/templates/event-eventtrigger-editor-rbac.yaml b/templates/projectsveltos/templates/event-eventtrigger-editor-rbac.yaml
new file mode 100644
index 000000000..5fa28f253
--- /dev/null
+++ b/templates/projectsveltos/templates/event-eventtrigger-editor-rbac.yaml
@@ -0,0 +1,25 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: event-eventtrigger-editor-role
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - eventtriggers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - eventtriggers/status
+ verbs:
+ - get
\ No newline at end of file
diff --git a/templates/projectsveltos/templates/event-eventtrigger-viewer-rbac.yaml b/templates/projectsveltos/templates/event-eventtrigger-viewer-rbac.yaml
new file mode 100644
index 000000000..823a9b173
--- /dev/null
+++ b/templates/projectsveltos/templates/event-eventtrigger-viewer-rbac.yaml
@@ -0,0 +1,21 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: event-eventtrigger-viewer-role
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - eventtriggers
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - eventtriggers/status
+ verbs:
+ - get
\ No newline at end of file
diff --git a/templates/projectsveltos/templates/event-manager-rbac.yaml b/templates/projectsveltos/templates/event-manager-rbac.yaml
new file mode 100644
index 000000000..072ba2768
--- /dev/null
+++ b/templates/projectsveltos/templates/event-manager-rbac.yaml
@@ -0,0 +1,130 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: event-manager-role + labels: + {{- include "projectsveltos.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - configmaps + - secrets + verbs: + - '*' +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + - machines + - machines/status + verbs: + - get + - list + - watch +- apiGroups: + - config.projectsveltos.io + resources: + - clusterprofiles + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - lib.projectsveltos.io + resources: + - clustersets + - clustersets/status + - debuggingconfigurations + - eventsources + - sveltosclusters/status + verbs: + - get + - list + - watch +- apiGroups: + - lib.projectsveltos.io + resources: + - eventreports + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - lib.projectsveltos.io + resources: + - eventtriggers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - lib.projectsveltos.io + resources: + - eventtriggers/finalizers + verbs: + - update +- apiGroups: + - lib.projectsveltos.io + resources: + - eventtriggers/status + verbs: + - get + - patch + - update +- apiGroups: + - lib.projectsveltos.io + resources: + - sveltosclusters + verbs: + - get + - list + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: event-manager-rolebinding + labels: + {{- include "projectsveltos.labels" . 
| nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: 'event-manager-role' +subjects: +- kind: ServiceAccount + name: 'event-manager' + namespace: '{{ .Release.Namespace }}' \ No newline at end of file diff --git a/templates/projectsveltos/templates/fm-controller-manager-metrics-monitor.yaml b/templates/projectsveltos/templates/fm-controller-manager-metrics-monitor.yaml new file mode 100644 index 000000000..bc0dccade --- /dev/null +++ b/templates/projectsveltos/templates/fm-controller-manager-metrics-monitor.yaml @@ -0,0 +1,20 @@ +{{ if .Values.prometheus.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: fm-controller-manager-metrics-monitor + labels: + control-plane: addon-controller + {{- include "projectsveltos.labels" . | nindent 4 }} +spec: + endpoints: + - bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token + path: /metrics + port: https + scheme: https + tlsConfig: + insecureSkipVerify: true + selector: + matchLabels: + control-plane: addon-controller +{{ end }} diff --git a/templates/projectsveltos/templates/hc-manager-rbac.yaml b/templates/projectsveltos/templates/hc-manager-rbac.yaml new file mode 100644 index 000000000..47a77d0ba --- /dev/null +++ b/templates/projectsveltos/templates/hc-manager-rbac.yaml 
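Review bot: The first rule of `event-manager-role` grants `'*'` on `configmaps` and `secrets` in a ClusterRole, so the event-manager ServiceAccount can read, modify and delete every Secret in every namespace of the management cluster, and the wildcard silently includes any verb added later. hc-manager-role in this same commit lists `get`, `list`, `watch` for secrets; I would enumerate the verbs here as well, e.g. `verbs: [create, delete, get, list, patch, update, watch]` if writes are really required. The namespaced Roles `classifier-role-sveltos-agent-in-mgmt-cluster` and `shard-controller-role-extra` use the same `'*'` shorthand on services and deployments and could be tightened the same way.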
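Review bot: The ServiceMonitor endpoint in fm-controller-manager-metrics-monitor.yaml sets `tlsConfig.insecureSkipVerify: true` while also sending `bearerTokenFile: /var/run/secrets/kubernetes.io/serviceaccount/token`, so Prometheus presents its service-account token to whatever answers on the `https` port without checking the certificate. The chart already uses cert-manager for the webhook certificate, so I would issue a certificate for the metrics endpoint too and replace the flag with `ca` and `serverName` under `tlsConfig`. If skipping verification has to stay for now, a comment such as `# TODO: metrics cert is not verified; switch to tlsConfig.ca` above the flag would record that it is a known gap.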
@@ -0,0 +1,138 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: hc-manager-role + labels: + {{- include "projectsveltos.labels" . | nindent 4 }} +rules: +- apiGroups: + - "" + resources: + - events + verbs: + - create + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - get + - list + - watch +- apiGroups: + - apiextensions.k8s.io + resources: + - customresourcedefinitions + verbs: + - get + - list + - watch +- apiGroups: + - authentication.k8s.io + resources: + - tokenreviews + verbs: + - create +- apiGroups: + - authorization.k8s.io + resources: + - subjectaccessreviews + verbs: + - create +- apiGroups: + - cluster.x-k8s.io + resources: + - clusters + - clusters/status + - machines + - machines/status + verbs: + - get + - list + - watch +- apiGroups: + - config.projectsveltos.io + resources: + - clustersummaries + - clustersummaries/status + verbs: + - get + - list + - watch +- apiGroups: + - lib.projectsveltos.io + resources: + - clusterhealthchecks + - reloaderreports + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - lib.projectsveltos.io + resources: + - clusterhealthchecks/finalizers + verbs: + - update +- apiGroups: + - lib.projectsveltos.io + resources: + - clusterhealthchecks/status + verbs: + - get + - patch + - update +- apiGroups: + - lib.projectsveltos.io + resources: + - debuggingconfigurations + - healthchecks + - sveltosclusters/status + verbs: + - get + - list + - watch +- apiGroups: + - lib.projectsveltos.io + resources: + - healthcheckreports + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - lib.projectsveltos.io + resources: + - sveltosclusters + verbs: + - get + - list + - update + - watch +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: hc-manager-rolebinding + labels: + {{- include "projectsveltos.labels" . 
| nindent 4 }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: 'hc-manager-role' +subjects: +- kind: ServiceAccount + name: 'hc-manager' + namespace: '{{ .Release.Namespace }}' \ No newline at end of file diff --git a/templates/projectsveltos/templates/project-selfsigned-issuer.yaml b/templates/projectsveltos/templates/project-selfsigned-issuer.yaml new file mode 100644 index 000000000..dfdc333a7 --- /dev/null +++ b/templates/projectsveltos/templates/project-selfsigned-issuer.yaml @@ -0,0 +1,8 @@ +apiVersion: cert-manager.io/v1 +kind: Issuer +metadata: + name: project-selfsigned-issuer + labels: + {{- include "projectsveltos.labels" . | nindent 4 }} +spec: + selfSigned: {} \ No newline at end of file diff --git a/templates/projectsveltos/templates/projectsveltos-mutating-webhook-configuration.yaml b/templates/projectsveltos/templates/projectsveltos-mutating-webhook-configuration.yaml new file mode 100644 index 000000000..2e9006913 --- /dev/null +++ b/templates/projectsveltos/templates/projectsveltos-mutating-webhook-configuration.yaml @@ -0,0 +1,20 @@ +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: projectsveltos-mutating-webhook-configuration + annotations: + cert-manager.io/inject-ca-from: {{ .Release.Namespace }}/projectsveltos-serving-cert + labels: + {{- include "projectsveltos.labels" . | nindent 4 }} +webhooks: +- admissionReviewVersions: + - v1beta1 + - v1alpha1 + clientConfig: + service: + name: 'webhook-service' + namespace: '{{ .Release.Namespace }}' + path: /mutate-projectsveltos-v1beta1-clusterprofile + failurePolicy: Fail + name: mclusterprofile.projectsveltos.io + sideEffects: None \ No newline at end of file diff --git a/templates/projectsveltos/templates/projectsveltos-serving-cert.yaml b/templates/projectsveltos/templates/projectsveltos-serving-cert.yaml new file mode 100644 index 000000000..70a414b51 --- /dev/null 
+++ b/templates/projectsveltos/templates/projectsveltos-serving-cert.yaml @@ -0,0 +1,14 @@ +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: projectsveltos-serving-cert + labels: + {{- include "projectsveltos.labels" . | nindent 4 }} +spec: + dnsNames: + - webhook-service.projectsveltos.svc + - webhook-service.projectsveltos.svc.cluster.local + issuerRef: + kind: Issuer + name: 'project-selfsigned-issuer' + secretName: webhook-server-cert diff --git a/templates/projectsveltos/templates/register-mgmt-cluster-job.yaml b/templates/projectsveltos/templates/register-mgmt-cluster-job.yaml new file mode 100644 index 000000000..199f3eb39 --- /dev/null +++ b/templates/projectsveltos/templates/register-mgmt-cluster-job.yaml @@ -0,0 +1,29 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: register-mgmt-cluster-job + labels: + {{- include "projectsveltos.labels" . | nindent 4 }} +spec: + backoffLimit: {{ .Values.registerMgmtClusterJob.backoffLimit }} + template: + spec: + containers: + - args: {{- toYaml .Values.registerMgmtClusterJob.registerMgmtCluster.args + | nindent 8 }} + env: + - name: KUBERNETES_CLUSTER_DOMAIN + value: {{ quote .Values.kubernetesClusterDomain }} + image: {{ .Values.registerMgmtClusterJob.registerMgmtCluster.image.repository + }}:{{ .Values.registerMgmtClusterJob.registerMgmtCluster.image.tag | default + .Chart.AppVersion }} + imagePullPolicy: {{ .Values.registerMgmtClusterJob.registerMgmtCluster.imagePullPolicy + }} + name: register-mgmt-cluster + resources: {{- toYaml .Values.registerMgmtClusterJob.registerMgmtCluster.resources + | nindent 10 }} + securityContext: {{- toYaml .Values.registerMgmtClusterJob.registerMgmtCluster.containerSecurityContext + | nindent 10 }} + restartPolicy: Never + serviceAccountName: register-mgmt-cluster + ttlSecondsAfterFinished: 240 \ No newline at end of file 
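Review bot: `dnsNames` in projectsveltos-serving-cert.yaml hard-codes `webhook-service.projectsveltos.svc` and `webhook-service.projectsveltos.svc.cluster.local`, while the MutatingWebhookConfiguration sets `clientConfig.service.namespace` to `{{ .Release.Namespace }}` and the deployments take the cluster domain from `.Values.kubernetesClusterDomain`. Installed into any namespace other than `projectsveltos`, the certificate would not match the service name the API server dials, and with `failurePolicy: Fail` whatever requests the webhook matches would be rejected. I would template both entries: `- webhook-service.{{ .Release.Namespace }}.svc` and `- webhook-service.{{ .Release.Namespace }}.svc.{{ .Values.kubernetesClusterDomain }}`.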
diff --git a/templates/projectsveltos/templates/register-mgmt-cluster-rbac.yaml b/templates/projectsveltos/templates/register-mgmt-cluster-rbac.yaml
new file mode 100644
index 000000000..99d6300dc
--- /dev/null
+++ b/templates/projectsveltos/templates/register-mgmt-cluster-rbac.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: register-mgmt-cluster-rolebinding
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: cluster-admin
+subjects:
+- kind: ServiceAccount
+ name: 'register-mgmt-cluster'
+ namespace: '{{ .Release.Namespace }}'
\ No newline at end of file
diff --git a/templates/projectsveltos/templates/sc-manager-rbac.yaml b/templates/projectsveltos/templates/sc-manager-rbac.yaml
new file mode 100644
index 000000000..3f9045ae6
--- /dev/null
+++ b/templates/projectsveltos/templates/sc-manager-rbac.yaml
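Review bot: The ClusterRoleBinding in register-mgmt-cluster-rbac.yaml gives the `register-mgmt-cluster` ServiceAccount `cluster-admin`, and that grant outlives the Job that uses it: register-mgmt-cluster-job.yaml sets `ttlSecondsAfterFinished: 240`, but the ServiceAccount (created in deployment.yaml) and this binding stay installed for the life of the release. Anyone able to run a pod as that ServiceAccount, or to request a token for it, in the release namespace then holds full control of the management cluster. I would bind a ClusterRole that lists only what registration needs (the required permissions are not visible from this diff), or make the ServiceAccount, binding and Job `post-install` hooks with `"helm.sh/hook-delete-policy": "hook-succeeded"` so they are removed once registration completes.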
@@ -0,0 +1,71 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: sc-manager-role
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - update
+ - watch
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - debuggingconfigurations
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - sveltosclusters
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - sveltosclusters/status
+ verbs:
+ - get
+ - patch
+ - update
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: sc-manager-rolebinding
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: 'sc-manager-role'
+subjects:
+- kind: ServiceAccount
+ name: 'sc-manager'
+ namespace: '{{ .Release.Namespace }}'
\ No newline at end of file
diff --git a/templates/projectsveltos/templates/shard-controller-role-extra-rbac.yaml b/templates/projectsveltos/templates/shard-controller-role-extra-rbac.yaml
new file mode 100644
index 000000000..b328ce81e
--- /dev/null
+++ b/templates/projectsveltos/templates/shard-controller-role-extra-rbac.yaml
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: shard-controller-role-extra
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - apps
+ resources:
+ - deployments
+ verbs:
+ - '*'
\ No newline at end of file
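Review bot: The first rule of `sc-manager-role` in sc-manager-rbac.yaml grants `get`, `list`, `update` and `watch` on core `secrets`, and since it is attached through a ClusterRoleBinding this covers every Secret in every namespace. `sveltos-agent-manager-role` in sveltos-agent-manager-rbac.yaml grants the same resource cluster-wide with `get`, `list` and `watch`. If the controllers only need the kubeconfig Secrets of registered clusters (an assumption; the controller code is not part of this diff), the rule deserves a comment stating why the scope is cluster-wide, for example `# cluster-wide: SveltosCluster kubeconfig Secrets may live in any namespace`. `update` should be dropped unless something in sc-manager actually writes Secrets.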
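Review bot: `shard-controller-role-extra` in shard-controller-role-extra-rbac.yaml grants `verbs: '*'` on `apps/deployments`, which also covers `deletecollection` and any verb added in future. The Role is namespaced, but write access to Deployments in the release namespace is enough to start a pod under any ServiceAccount in that namespace, including `register-mgmt-cluster`, which this chart binds to `cluster-admin`. I would list the verbs explicitly, e.g. `create`, `delete`, `get`, `list`, `patch`, `update`, `watch`, narrowed further to what the shard controller really calls.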
diff --git a/templates/projectsveltos/templates/shard-controller-rolebinding-extra-rbac.yaml b/templates/projectsveltos/templates/shard-controller-rolebinding-extra-rbac.yaml
new file mode 100644
index 000000000..614f6db0c
--- /dev/null
+++ b/templates/projectsveltos/templates/shard-controller-rolebinding-extra-rbac.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: shard-controller-rolebinding-extra
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: 'shard-controller-role-extra'
+subjects:
+- kind: ServiceAccount
+ name: 'shard-controller'
+ namespace: '{{ .Release.Namespace }}'
\ No newline at end of file
diff --git a/templates/projectsveltos/templates/shard-manager-rbac.yaml b/templates/projectsveltos/templates/shard-manager-rbac.yaml
new file mode 100644
index 000000000..0a6e9a0d7
--- /dev/null
+++ b/templates/projectsveltos/templates/shard-manager-rbac.yaml
@@ -0,0 +1,74 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: shard-manager-role
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - apiextensions.k8s.io
+ resources:
+ - customresourcedefinitions
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters/status
+ verbs:
+ - get
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - debuggingconfigurations
+ - sveltosclusters
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - sveltosclusters/status
+ verbs:
+ - get
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: shard-manager-rolebinding
+ labels:
+ app.kubernetes.io/component: rbac
+ app.kubernetes.io/created-by: shard-controller
+ app.kubernetes.io/part-of: shard-controller
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: 'shard-manager-role'
+subjects:
+- kind: ServiceAccount
+ name: 'shard-controller'
+ namespace: '{{ .Release.Namespace }}'
\ No newline at end of file
diff --git a/templates/projectsveltos/templates/sveltos-agent-manager-rbac.yaml b/templates/projectsveltos/templates/sveltos-agent-manager-rbac.yaml
new file mode 100644
index 000000000..42630f49b
--- /dev/null
+++ b/templates/projectsveltos/templates/sveltos-agent-manager-rbac.yaml
@@ -0,0 +1,68 @@
+{{ if .Values.agent.managementCluster }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: sveltos-agent-manager-role
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+rules:
+- apiGroups:
+ - authentication.k8s.io
+ resources:
+ - tokenreviews
+ verbs:
+ - create
+- apiGroups:
+ - authorization.k8s.io
+ resources:
+ - subjectaccessreviews
+ verbs:
+ - create
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - debuggingconfigurations
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - cluster.x-k8s.io
+ resources:
+ - clusters
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - lib.projectsveltos.io
+ resources:
+ - sveltosclusters
+ verbs:
+ - get
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: sveltos-agent-manager-rolebinding
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: 'sveltos-agent-manager-role'
+subjects:
+- kind: ServiceAccount
+ name: 'sveltos-agent-manager'
+ namespace: '{{ .Release.Namespace }}'
+{{ end }}
diff --git a/templates/projectsveltos/templates/webhook-service.yaml b/templates/projectsveltos/templates/webhook-service.yaml
new file mode 100644
index 000000000..71ee97367
--- /dev/null
+++ b/templates/projectsveltos/templates/webhook-service.yaml
@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: webhook-service
+ labels:
+ {{- include "projectsveltos.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.webhookService.type }}
+ selector:
+ app: sveltos-webhook
+ {{- include "projectsveltos.selectorLabels" . | nindent 4 }}
+ ports:
+ {{- .Values.webhookService.ports | toYaml | nindent 2 -}}
\ No newline at end of file
diff --git a/templates/projectsveltos/values.yaml b/templates/projectsveltos/values.yaml
new file mode 100644
index 000000000..b6e327ff5
--- /dev/null
+++ b/templates/projectsveltos/values.yaml
@@ -0,0 +1,235 @@
+accessManager:
+ manager:
+ args:
+ - --diagnostics-address=:8443
+ - --v=5
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ image:
+ repository: docker.io/projectsveltos/access-manager
+ tag: v0.37.0
+ resources:
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ nodeSelector: {}
+ replicas: 1
+ tolerations: []
+addonController:
+ controller:
+ args:
+ - --diagnostics-address=:8443
+ - --report-mode=0
+ - --shard-key=
+ - --v=5
+ - --version=v0.37.0
+ argsAgentMgmtCluster:
+ - --diagnostics-address=:8443
+ - --report-mode=0
+ - --agent-in-mgmt-cluster
+ - --shard-key=
+ - --v=5
+ - --version=v0.37.0
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ image:
+ repository: docker.io/projectsveltos/addon-controller
+ tag: v0.37.0
+ resources:
+ requests:
+ memory: 256Mi
+ nodeSelector: {}
+ replicas: 1
+ tolerations: []
+classifierManager:
+ manager:
+ args:
+ - --diagnostics-address=:8443
+ - --report-mode=0
+ - --shard-key=
+ - --v=5
+ - --version=v0.37.0
+ argsAgentMgmtCluster:
+ - --diagnostics-address=:8443
+ - --report-mode=0
+ - --agent-in-mgmt-cluster
+ - --shard-key=
+ - --v=5
+ - --version=v0.37.0
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ image:
+ repository: docker.io/projectsveltos/classifier
+ tag: v0.37.0
+ resources:
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ nodeSelector: {}
+ replicas: 1
+ tolerations: []
+conversionWebhook:
+ replicas: 1
+ sveltosWebhook:
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ image:
+ repository: docker.io/projectsveltos/webhook-conversion
+ tag: v0.37.0
+ resources:
+ limits:
+ cpu: 500m
+ memory: 128Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+ nodeSelector: {}
+ replicas: 1
+ tolerations: []
+eventManager:
+ manager:
+ args:
+ - --diagnostics-address=:8443
+ - --shard-key=
+ - --v=5
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ image:
+ repository: docker.io/projectsveltos/event-manager
+ tag: v0.37.0
+ resources:
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ nodeSelector: {}
+ replicas: 1
+ tolerations: []
+hcManager:
+ manager:
+ args:
+ - --diagnostics-address=:8443
+ - --shard-key=
+ - --v=5
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ image:
+ repository: docker.io/projectsveltos/healthcheck-manager
+ tag: v0.37.0
+ resources:
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ nodeSelector: {}
+ replicas: 1
+ tolerations: []
+kubernetesClusterDomain: cluster.local
+registerMgmtClusterJob:
+ backoffLimit: 4
+ registerMgmtCluster:
+ args:
+ - --labels=
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ image:
+ repository: docker.io/projectsveltos/register-mgmt-cluster
+ tag: v0.37.0
+ imagePullPolicy: IfNotPresent
+ resources:
+ requests:
+ memory: 128Mi
+scManager:
+ manager:
+ args:
+ - --diagnostics-address=:8443
+ - --shard-key=
+ - --v=5
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ image:
+ repository: docker.io/projectsveltos/sveltoscluster-manager
+ tag: v0.37.0
+ resources:
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ nodeSelector: {}
+ replicas: 1
+ tolerations: []
+shardController:
+ manager:
+ args:
+ - --diagnostics-address=:8443
+ - --v=5
+ - --report-mode=0
+ argsAgentMgmtCluster:
+ - --diagnostics-address=:8443
+ - --report-mode=0
+ - --agent-in-mgmt-cluster
+ - --v=5
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ image:
+ repository: docker.io/projectsveltos/shard-controller
+ tag: v0.37.0
+ resources:
+ limits:
+ cpu: 500m
+ memory: 256Mi
+ requests:
+ cpu: 10m
+ memory: 128Mi
+ nodeSelector: {}
+ replicas: 1
+ tolerations: []
+prometheus:
+ enabled: false
+agent:
+ managementCluster: false
+webhookService:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 9443
+ type: ClusterIP
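Review bot: Every image in values.yaml is referenced by a mutable tag on docker.io (`tag: v0.37.0`), including `register-mgmt-cluster`, whose Job runs under a ServiceAccount bound to `cluster-admin` with `imagePullPolicy: IfNotPresent`. A tag can be repointed upstream, so the chart does not fix what actually runs with those privileges. Pinning by digest would need a `digest` value per image and templates that render `repository@digest` when it is set; register-mgmt-cluster-job.yaml currently only builds `repository:tag`. Separately, the `containerSecurityContext` defaults stop at `allowPrivilegeEscalation: false` and dropping `ALL` capabilities. `runAsNonRoot: true` and a `seccompProfile` of type `RuntimeDefault` would be worth adding if the images support it and the pod-level context, which is not visible here, does not already set them.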