--- {{- if and .Values.imagePullSecrets .Values.imagePullSecrets.repository .Values.imagePullSecrets.username .Values.imagePullSecrets.password }} apiVersion: v1 data: .dockerconfigjson: {{ printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .Values.imagePullSecrets.repository .Values.imagePullSecrets.username .Values.imagePullSecrets.password .Values.imagePullSecrets.email (printf "%s:%s" .Values.imagePullSecrets.username .Values.imagePullSecrets.password | b64enc) | b64enc }} kind: Secret metadata: name: kubeslice-image-pull-secret namespace: kubeslice-controller type: kubernetes.io/dockerconfigjson {{- end }} --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: clusters.controller.kubeslice.io spec: group: controller.kubeslice.io names: kind: Cluster listKind: ClusterList plural: clusters singular: cluster scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: Cluster is the Schema for the clusters API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: ClusterSpec defines the desired state of Cluster properties: clusterProperty: description: put in an object properties: geoLocation: description: GeoLocation contains information regarding Geographical Location of the Cluster properties: cloudProvider: description: CloudProvider is the cloud service provider type: string cloudRegion: description: CloudRegion is the region of the cloud type: string latitude: description: Latitude is the latitude of the cluster type: string longitude: description: Longitude is the longitude of the cluster type: string type: object monitoring: description: Monitoring contains the Kubernetes Monitoring Dashboard properties: kubernetesDashboard: description: KubernetesDashboard contains the information regarding Kubernetes Monitoring Dashboard properties: accessToken: description: AccessToken is the Access Token to access the KubernetesDashboard type: string enabled: description: Enabled is the enable status of the KubernetesDashboard type: boolean endpoint: description: Endpoint is the base endpoint to access the kubernetes dashboard type: string ingressPrefix: description: IngressPrefix is the prefix of ingress gateway for KubernetesDashboard type: string type: object type: object telemetry: description: Telemetry contains Telemetry information properties: enabled: description: Enabled is the enable status of the Telemetry type: boolean endpoint: description: Endpoint is the Telemetry Endpoint type: string telemetryProvider: description: TelemetryProvider is the Telemetry Provider information type: string type: object type: object networkInterface: description: NetworkInterface is the network interface attached with the cluster. type: string nodeIP: description: NodeIP is the IP address of the Node type: string type: object status: description: ClusterStatus defines the observed state of Cluster properties: cniSubnet: description: CniSubnet is the podip and service ip subnet of CNI items: type: string type: array namespaces: description: Namespaces present in cluster items: properties: name: type: string sliceName: type: string type: object type: array secretName: description: SecretName is the name of the secret for the worker cluster. type: string type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: projects.controller.kubeslice.io spec: group: controller.kubeslice.io names: kind: Project listKind: ProjectList plural: projects singular: project scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: Project is the Schema for the projects API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: ProjectSpec defines the desired state of Project properties: serviceAccount: description: ServiceAccount is a field of Project. Edit project_types.go to remove/update properties: readOnly: items: type: string type: array readWrite: items: type: string type: array type: object type: object status: description: ProjectStatus defines the observed state of Project type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: serviceexportconfigs.controller.kubeslice.io spec: group: controller.kubeslice.io names: kind: ServiceExportConfig listKind: ServiceExportConfigList plural: serviceexportconfigs singular: serviceexportconfig scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: ServiceExportConfig is the Schema for the serviceexportconfigs API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: ServiceExportConfigSpec defines the desired state of ServiceExportConfig properties: serviceDiscoveryEndpoints: description: the service discovery endpoint array items: properties: cluster: description: The ID of the cluster. type: string dnsName: description: the dns_name of the service type: string nsmIp: description: The NSM IP address. type: string podName: description: The name of the pod. type: string port: description: port of the service format: int32 type: integer type: object type: array serviceDiscoveryPorts: description: The ports for the given service. items: properties: name: description: The name of the port. type: string port: description: The port number. format: int32 type: integer protocol: description: The protocol. type: string type: object type: array serviceName: description: ServiceName is the name of the service type: string serviceNamespace: type: string sliceName: description: The name of the slice. type: string sourceCluster: description: clusterId is the id of the cluster where the service is available. type: string required: - serviceName - sliceName - sourceCluster type: object status: type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: sliceconfigs.controller.kubeslice.io spec: group: controller.kubeslice.io names: kind: SliceConfig listKind: SliceConfigList plural: sliceconfigs singular: sliceconfig scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: SliceConfig is the Schema for the sliceconfig API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: SliceConfigSpec defines the desired state of SliceConfig properties: clusters: items: type: string type: array externalGatewayConfig: items: description: ExternalGatewayConfig is the configuration for external gateways like 'istio', etc/ properties: clusters: items: type: string type: array egress: properties: enabled: type: boolean type: object gatewayType: enum: - none - istio type: string ingress: properties: enabled: type: boolean type: object nsIngress: properties: enabled: type: boolean type: object type: object type: array maxClusters: default: 16 maximum: 32 minimum: 2 type: integer namespaceIsolationProfile: properties: allowedNamespaces: items: properties: clusters: items: type: string type: array namespace: type: string type: object type: array applicationNamespaces: items: properties: clusters: items: type: string type: array namespace: type: string type: object type: array isolationEnabled: default: false type: boolean type: object qosProfileDetails: description: The custom QOS Profile Details properties: bandwidthCeilingKbps: type: integer bandwidthGuaranteedKbps: type: integer dscpClass: enum: - Default - AF11 - AF12 - AF13 - AF21 - AF22 - AF23 - AF31 - AF32 - AF33 - AF41 - AF42 - AF43 - EF type: string priority: type: integer queueType: default: HTB type: string tcType: default: BANDWIDTH_CONTROL type: string required: - bandwidthCeilingKbps - bandwidthGuaranteedKbps - dscpClass - priority - queueType - tcType type: object sliceGatewayProvider: description: WorkerSliceGatewayProvider defines the configuration for slicegateway properties: sliceCaType: default: Local type: string sliceGatewayType: default: OpenVPN type: string required: - sliceCaType - sliceGatewayType type: object sliceIpamType: default: Local type: string sliceSubnet: type: string sliceType: default: Application type: string standardQosProfileName: type: string required: - sliceGatewayProvider type: object status: description: SliceConfigStatus defines the observed state of SliceConfig type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert controller-gen.kubebuilder.io/version: v0.7.0 name: slicenodeaffinities.controller.kubeslice.io spec: conversion: strategy: Webhook webhook: clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /convert conversionReviewVersions: - v1 group: controller.kubeslice.io names: kind: SliceNodeAffinity listKind: SliceNodeAffinityList plural: slicenodeaffinities singular: slicenodeaffinity scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: SliceNodeAffinity is the Schema for the slicenodeaffinities API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: SliceNodeAffinitySpec defines the desired state of SliceNodeAffinity properties: nodeAffinityProfiles: description: NodeAffinityProfiles defines the node affinity profile for the slice items: properties: cluster: description: Cluster is the cluster in the slice this rule applies to type: string nodeAffinityRules: description: NodeAffinityRules defines the node affinity profile for the slice items: properties: namespace: description: Namespace is the namespace in the slice this rule applies to type: string nodeSelectorLabels: description: NodeSelectorLabels defines the label selectors to select nodes for assigning to pods items: description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array required: - key - operator type: object type: array type: object type: array type: object type: array type: object status: description: SliceNodeAffinityStatus defines the observed state of SliceNodeAffinity type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: sliceqosconfigs.controller.kubeslice.io spec: group: controller.kubeslice.io names: kind: SliceQoSConfig listKind: SliceQoSConfigList plural: sliceqosconfigs singular: sliceqosconfig scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: SliceQoSConfig is the Schema for the sliceqosconfigs API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: SliceQoSConfigSpec defines the desired state of SliceQoSConfig properties: bandwidthCeilingKbps: type: integer bandwidthGuaranteedKbps: type: integer dscpClass: enum: - Default - AF11 - AF12 - AF13 - AF21 - AF22 - AF23 - AF31 - AF32 - AF33 - AF41 - AF42 - AF43 - EF type: string priority: type: integer queueType: enum: - HTB type: string tcType: enum: - BANDWIDTH_CONTROL type: string required: - bandwidthCeilingKbps - bandwidthGuaranteedKbps - dscpClass - priority - queueType - tcType type: object status: description: SliceQoSConfigStatus defines the observed state of SliceQoSConfig type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert controller-gen.kubebuilder.io/version: v0.7.0 name: sliceresourcequotaconfigs.controller.kubeslice.io spec: conversion: strategy: Webhook webhook: clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /convert conversionReviewVersions: - v1 group: controller.kubeslice.io names: kind: SliceResourceQuotaConfig listKind: SliceResourceQuotaConfigList plural: sliceresourcequotaconfigs singular: sliceresourcequotaconfig scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: SliceResourceQuotaConfig is the Schema for the sliceresourcequotaconfigs API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: SliceResourceQuotaConfigSpec defines the desired state of SliceResourceQuotaConfig properties: clusterQuota: description: ClusterQuota defines the configuration for cluster quota of a resource quota items: description: ClusterQuota defines the configuration for cluster quota of a resource quota properties: clusterName: description: ClusterName defines the name of the cluster in ClusterQuota type: string namespaceQuota: description: NamespaceQuota defines the configuration for namespace quota of a ClusterQuota items: description: NamespaceQuota defines the configuration for namespace quota of a NamespaceQuota properties: enforceQuota: default: false description: EnforceQuota defines the enforceQuota status flag for NamespaceQuota type: boolean namespace: description: Namespace defines the namespace of the NamespaceQuota type: string resources: description: Resources defines the configuration for resources for NamespaceQuota properties: defaultLimitPerContainer: properties: cpu: anyOf: - type: integer - type: string description: CPU in cores. (500m = .5 cores) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeralStorage: anyOf: - type: integer - type: string description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memory: anyOf: - type: integer - type: string description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object defaultRequestPerContainer: properties: cpu: anyOf: - type: integer - type: string description: CPU in cores. (500m = .5 cores) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeralStorage: anyOf: - type: integer - type: string description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memory: anyOf: - type: integer - type: string description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object limit: description: LimitResourceList is a set of (resource name, quantity) pairs. properties: cpu: anyOf: - type: integer - type: string description: CPU in cores. (500m = .5 cores) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeralStorage: anyOf: - type: integer - type: string description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memory: anyOf: - type: integer - type: string description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true podCount: description: PodCount in number. format: int64 type: integer type: object request: description: RequestResourceList is a set of (resource name, quantity) pairs. properties: cpu: anyOf: - type: integer - type: string description: CPU in cores. (500m = .5 cores) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeralStorage: anyOf: - type: integer - type: string description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memory: anyOf: - type: integer - type: string description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object type: object type: object type: array resources: description: Resources defines the configuration for resources for ClusterQuota properties: limit: description: LimitResourceList is a set of (resource name, quantity) pairs. properties: cpu: anyOf: - type: integer - type: string description: CPU in cores. (500m = .5 cores) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeralStorage: anyOf: - type: integer - type: string description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memory: anyOf: - type: integer - type: string description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true podCount: description: PodCount in number. format: int64 type: integer type: object request: description: RequestResourceList is a set of (resource name, quantity) pairs. properties: cpu: anyOf: - type: integer - type: string description: CPU in cores. (500m = .5 cores) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeralStorage: anyOf: - type: integer - type: string description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memory: anyOf: - type: integer - type: string description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object type: object type: object type: array sliceQuota: description: SliceQuota defines the configuration for slice quota of a resource quota properties: resources: description: Resources defines the configuration for resources for SliceQuota properties: defaultRequestPerContainer: properties: cpu: anyOf: - type: integer - type: string description: CPU in cores. (500m = .5 cores) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeralStorage: anyOf: - type: integer - type: string description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memory: anyOf: - type: integer - type: string description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object limit: description: LimitResourceList is a set of (resource name, quantity) pairs. properties: cpu: anyOf: - type: integer - type: string description: CPU in cores. (500m = .5 cores) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeralStorage: anyOf: - type: integer - type: string description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memory: anyOf: - type: integer - type: string description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true podCount: description: PodCount in number. format: int64 type: integer type: object request: description: RequestResourceList is a set of (resource name, quantity) pairs. properties: cpu: anyOf: - type: integer - type: string description: CPU in cores. (500m = .5 cores) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeralStorage: anyOf: - type: integer - type: string description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memory: anyOf: - type: integer - type: string description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object type: object type: object type: object status: description: SliceResourceQuotaConfigStatus defines the observed state of SliceResourceQuotaConfig type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert controller-gen.kubebuilder.io/version: v0.7.0 name: slicerolebindings.controller.kubeslice.io spec: conversion: strategy: Webhook webhook: clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /convert conversionReviewVersions: - v1 group: controller.kubeslice.io names: kind: SliceRoleBinding listKind: SliceRoleBindingList plural: slicerolebindings singular: slicerolebinding scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: SliceRoleBinding is the Schema for the slicerolebindings API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string bindings: items: description: RoleBinding references a role, but does not contain it. properties: applyTo: description: ApplyTo contains information about the namespace and the Subjects. items: description: ApplyTo contains information about the namespace and the Subjects. It adds who information via Subjects and namespace information by which namespace it exists in. properties: namespace: description: Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. '*' Represents all namespaces type: string subjects: description: Subjects holds references to the objects the role applies to. items: description: Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names. properties: apiGroup: description: APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. type: string kind: description: Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. type: string name: description: Name of the object being referenced. type: string namespace: description: Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. type: string required: - kind - name type: object type: array type: object type: array roleRef: description: RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error. properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: Kind is the type of resource being referenced type: string name: description: Name is the name of resource being referenced type: string required: - apiVersion - kind - name type: object type: object type: array kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object status: properties: roleRefConditions: items: properties: condition: description: Condition defines conditions of a RoleRef, one of INVALID_NS, NOT_ACCESSIBLE, INVALID_RULE, INVALID_ROLE_BINDING. type: string lastUpdateTime: description: The last time this condition was updated. format: date-time type: string message: description: A human-readable message indicating details about the transition. type: string namespace: description: Name of the Namespace in case of INVALID_NS condition. type: string reason: description: The reason for the condition's last transition. type: string roleRef: description: Name, APIVersion and Kind of the RoleRef properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: Kind is the type of resource being referenced type: string name: description: Name is the name of resource being referenced type: string required: - apiVersion - kind - name type: object status: description: Status of the condition, one of True, False, Unknown. type: string required: - condition - lastUpdateTime - reason - roleRef - status type: object type: array type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert controller-gen.kubebuilder.io/version: v0.7.0 name: sliceroletemplates.controller.kubeslice.io spec: conversion: strategy: Webhook webhook: clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /convert conversionReviewVersions: - v1 group: controller.kubeslice.io names: kind: SliceRoleTemplate listKind: SliceRoleTemplateList plural: sliceroletemplates singular: sliceroletemplate scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: SliceRoleTemplate is the Schema for the sliceroletemplates API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object rules: items: description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to. properties: apiGroups: description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. items: type: string type: array nonResourceURLs: description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. items: type: string type: array resourceNames: description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. items: type: string type: array resources: description: Resources is a list of resources this rule applies to. '*' represents all resources. items: type: string type: array verbs: description: Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs. items: type: string type: array required: - verbs type: object type: array status: description: SliceRoleTemplateStatus defines the observed state of SliceResourceQuotaConfig type: object required: - rules type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: workerserviceimports.worker.kubeslice.io spec: group: worker.kubeslice.io names: kind: WorkerServiceImport listKind: WorkerServiceImportList plural: workerserviceimports singular: workerserviceimport scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: WorkerServiceImport is the Schema for the workerserviceimport API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: WorkerServiceImportSpec defines the desired state of WorkerServiceImport properties: serviceDiscoveryEndpoints: description: the service discovery endpoint array items: properties: cluster: description: The ID of the cluster. type: string dnsName: description: the dns_name of the service type: string nsmIp: description: The NSM IP address. type: string podName: description: The name of the pod. type: string port: description: port of the service format: int32 type: integer type: object type: array serviceDiscoveryPorts: description: The ports for the given service. items: properties: name: description: The name of the port. type: string port: description: The port number. format: int32 type: integer protocol: description: The protocol. type: string type: object type: array serviceName: description: ServiceName is the name of the service type: string serviceNamespace: description: ServiceNamespace is the namespace of the service type: string sliceName: description: The name of the slice. type: string sourceClusters: description: clusterId is the id of the cluster where the service is available. items: type: string type: array type: object status: description: WorkerServiceImportStatus defines the observed state of WorkerServiceImport type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: workersliceconfigs.worker.kubeslice.io spec: group: worker.kubeslice.io names: kind: WorkerSliceConfig listKind: WorkerSliceConfigList plural: workersliceconfigs singular: workersliceconfig scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: WorkerSliceConfig is the Schema for the slice API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: WorkerSliceConfigSpec defines the desired state of Slice properties: clusterSubnetCIDR: type: string externalGatewayConfig: properties: egress: properties: enabled: type: boolean type: object gatewayType: enum: - none - istio type: string ingress: properties: enabled: type: boolean type: object nsIngress: properties: enabled: type: boolean type: object type: object ipamClusterOctet: type: integer namespaceIsolationProfile: properties: allowedNamespaces: items: type: string type: array applicationNamespaces: items: type: string type: array isolationEnabled: default: false type: boolean type: object octet: type: integer qosProfileDetails: description: QOSProfile is the QOS Profile configuration from backend properties: bandwidthCeilingKbps: type: integer bandwidthGuaranteedKbps: type: integer dscpClass: enum: - Default - AF11 - AF12 - AF13 - AF21 - AF22 - AF23 - AF31 - AF32 - AF33 - AF41 - AF42 - AF43 - EF type: string priority: type: integer queueType: default: HTB type: string tcType: type: string type: object sliceGatewayProvider: description: WorkerSliceGatewayProvider defines the configuration for slicegateway properties: sliceCaType: default: Local type: string sliceGatewayType: default: OpenVPN type: string type: object sliceIpamType: default: Local type: string sliceName: type: string sliceSubnet: type: string sliceType: default: Application type: string required: - octet type: object status: description: WorkerSliceConfigStatus defines the observed state of Slice properties: connectedAppPods: items: description: AppPod defines the app pods connected to slice properties: nsmInterface: description: NsmInterface is the nsm interface of App type: string nsmIp: description: NsmIP is the nsm ip of App type: string nsmPeerIp: description: PeerIp is the nsm peer ip of gateway type: string podIp: description: PodIP is App Pod IP type: string podName: description: PodName is App Pod Name type: string podNamespace: description: PodNamespace is App Pod Namespace type: string type: object type: array onboardedAppNamespaces: items: properties: name: type: string type: object type: array type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.7.0 creationTimestamp: null name: workerslicegateways.worker.kubeslice.io spec: group: worker.kubeslice.io names: kind: WorkerSliceGateway listKind: WorkerSliceGatewayList plural: workerslicegateways singular: workerslicegateway scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: WorkerSliceGateway is the Schema for the slicegateways API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: WorkerSliceGatewaySpec defines the desired state of WorkerSliceGateway properties: gatewayCredentials: properties: secretName: type: string type: object gatewayHostType: enum: - Client - Server type: string gatewayNumber: type: integer gatewayType: default: OpenVPN type: string localGatewayConfig: properties: clusterName: type: string gatewayName: type: string gatewaySubnet: type: string nodeIp: type: string nodePort: type: integer vpnIp: type: string type: object remoteGatewayConfig: properties: clusterName: type: string gatewayName: type: string gatewaySubnet: type: string nodeIp: type: string nodePort: type: integer vpnIp: type: string type: object sliceName: type: string type: object status: description: WorkerSliceGatewayStatus defines the observed state of WorkerSliceGateway properties: clusterInsertionIndex: type: integer gatewayNumber: type: integer type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert controller-gen.kubebuilder.io/version: v0.7.0 name: workerslicenodeaffinities.worker.kubeslice.io spec: conversion: strategy: Webhook webhook: clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /convert conversionReviewVersions: - v1 group: worker.kubeslice.io names: kind: WorkerSliceNodeAffinity listKind: WorkerSliceNodeAffinityList plural: workerslicenodeaffinities singular: workerslicenodeaffinity scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: WorkerSliceNodeAffinity is the Schema for the workerslicenodeaffinities API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: WorkerSliceNodeAffinitySpec defines the desired state of WorkerSliceNodeAffinity properties: clusterName: description: ClusterName defines the name of the cluster for the WorkerSliceNodeAffinity type: string nodeAffinityRules: description: NodeAffinityRules defines the node affinity profile for the slice items: properties: namespace: description: Namespace is the namespace in the slice this rule applies to type: string nodeSelectorLabels: description: NodeSelectorLabels defines the label selectors to select nodes for assigning to pods items: description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array required: - key - operator type: object type: array type: object type: array sliceName: description: SliceName defines the name of the slice for the WorkerSliceNodeAffinity type: string type: object status: description: WorkerSliceNodeAffinityStatus defines the observed state of WorkerSliceNodeAffinity properties: nodeAffinityRules: description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file' items: properties: namespace: description: Namespace is the namespace in the slice this rule applies to type: string nodeSelectorLabels: description: NodeSelectorLabels defines the label selectors to select nodes for assigning to pods items: description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values. properties: key: description: The label key that the selector applies to. type: string operator: description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt. type: string values: description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch. items: type: string type: array required: - key - operator type: object type: array type: object type: array type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert controller-gen.kubebuilder.io/version: v0.7.0 name: workersliceresourcequotas.worker.kubeslice.io spec: conversion: strategy: Webhook webhook: clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /convert conversionReviewVersions: - v1 group: worker.kubeslice.io names: kind: WorkerSliceResourceQuota listKind: WorkerSliceResourceQuotaList plural: workersliceresourcequotas singular: workersliceresourcequota scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: WorkerSliceResourceQuota is the Schema for the workersliceresourcequota API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object spec: description: WorkerSliceResourceQuotaSpec defines the desired state of WorkerSliceResourceQuota properties: clusterName: description: ClusterName defines the name of the cluster for the WorkerResourceQuota type: string resourceQuotaProfile: description: ResourceQuotaProfile defines the resource quota profile for the slice properties: clusterQuota: description: ClusterQuota defines the configuration for cluster quota of a resource quota properties: namespaceQuota: description: NamespaceQuota defines the configuration for namespace quota of a ClusterQuota items: description: NamespaceQuota defines the configuration for namespace quota of a namespaceQuota properties: enforceQuota: default: false description: EnforceQuota defines the enforceQuota status flag for NamespaceQuota type: boolean namespace: description: Namespace defines the namespace of the NamespaceQuota type: string resources: description: Resources defines the configuration for resources for NamespaceQuota properties: defaultLimitPerContainer: description: DefaultResourcePerContainer is a set of (resource name, quantity) pairs. properties: cpu: anyOf: - type: integer - type: string description: CPU in cores. (500m = .5 cores) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeralStorage: anyOf: - type: integer - type: string description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memory: anyOf: - type: integer - type: string description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object defaultRequestPerContainer: description: DefaultResourcePerContainer is a set of (resource name, quantity) pairs. properties: cpu: anyOf: - type: integer - type: string description: CPU in cores. (500m = .5 cores) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeralStorage: anyOf: - type: integer - type: string description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memory: anyOf: - type: integer - type: string description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object limit: description: LimitResourceList is a set of (resource name, quantity) pairs. properties: cpu: anyOf: - type: integer - type: string description: CPU in cores. (500m = .5 cores) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeralStorage: anyOf: - type: integer - type: string description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memory: anyOf: - type: integer - type: string description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true podCount: description: PodCount in number. format: int64 type: integer type: object request: description: RequestResourceList is a set of (resource name, quantity) pairs. properties: cpu: anyOf: - type: integer - type: string description: CPU in cores. (500m = .5 cores) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeralStorage: anyOf: - type: integer - type: string description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memory: anyOf: - type: integer - type: string description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object type: object type: object type: array resources: description: Resources defines the configuration for resources for ClusterQuota properties: limit: description: LimitResourceList is a set of (resource name, quantity) pairs. properties: cpu: anyOf: - type: integer - type: string description: CPU in cores. (500m = .5 cores) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeralStorage: anyOf: - type: integer - type: string description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memory: anyOf: - type: integer - type: string description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true podCount: description: PodCount in number. format: int64 type: integer type: object request: description: RequestResourceList is a set of (resource name, quantity) pairs. properties: cpu: anyOf: - type: integer - type: string description: CPU in cores. (500m = .5 cores) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeralStorage: anyOf: - type: integer - type: string description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memory: anyOf: - type: integer - type: string description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object type: object type: object sliceQuota: description: SliceQuota defines the configuration for slice quota of a resource quota properties: resources: description: Resources defines the configuration for resources for SliceQuota properties: defaultRequestPerContainer: description: DefaultResourcePerContainer is a set of (resource name, quantity) pairs. properties: cpu: anyOf: - type: integer - type: string description: CPU in cores. (500m = .5 cores) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeralStorage: anyOf: - type: integer - type: string description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memory: anyOf: - type: integer - type: string description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object limit: description: LimitResourceList is a set of (resource name, quantity) pairs. properties: cpu: anyOf: - type: integer - type: string description: CPU in cores. (500m = .5 cores) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeralStorage: anyOf: - type: integer - type: string description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memory: anyOf: - type: integer - type: string description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true podCount: description: PodCount in number. format: int64 type: integer type: object request: description: RequestResourceList is a set of (resource name, quantity) pairs. properties: cpu: anyOf: - type: integer - type: string description: CPU in cores. (500m = .5 cores) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeralStorage: anyOf: - type: integer - type: string description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memory: anyOf: - type: integer - type: string description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object type: object type: object type: object sliceName: description: SliceName defines the name of the slice for the WorkerResourceQuota type: string type: object status: description: WorkerSliceResourceQuotaStatus defines the observed state of WorkerSliceResourceQuota properties: clusterResourceQuotaStatus: properties: namespaceResourceQuotaStatus: items: properties: namespace: type: string requestResourceUsage: description: RequestResourceList is a set of (resource name, quantity) pairs. properties: cpu: anyOf: - type: integer - type: string description: CPU in cores. (500m = .5 cores) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeralStorage: anyOf: - type: integer - type: string description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memory: anyOf: - type: integer - type: string description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object resourceUsage: description: LimitResourceList is a set of (resource name, quantity) pairs. properties: cpu: anyOf: - type: integer - type: string description: CPU in cores. (500m = .5 cores) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeralStorage: anyOf: - type: integer - type: string description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memory: anyOf: - type: integer - type: string description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true podCount: description: PodCount in number. format: int64 type: integer type: object type: object type: array requestResourceUsage: description: RequestResourceList is a set of (resource name, quantity) pairs. properties: cpu: anyOf: - type: integer - type: string description: CPU in cores. (500m = .5 cores) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeralStorage: anyOf: - type: integer - type: string description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memory: anyOf: - type: integer - type: string description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true type: object resourceUsage: description: LimitResourceList is a set of (resource name, quantity) pairs. properties: cpu: anyOf: - type: integer - type: string description: CPU in cores. (500m = .5 cores) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true ephemeralStorage: anyOf: - type: integer - type: string description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases. pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true memory: anyOf: - type: integer - type: string description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ x-kubernetes-int-or-string: true podCount: description: PodCount in number. format: int64 type: integer type: object type: object onboardedNamespace: items: type: string type: array type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert controller-gen.kubebuilder.io/version: v0.7.0 name: workerslicerolebindings.worker.kubeslice.io spec: conversion: strategy: Webhook webhook: clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /convert conversionReviewVersions: - v1 group: worker.kubeslice.io names: kind: WorkerSliceRoleBinding listKind: WorkerSliceRoleBindingList plural: workerslicerolebindings singular: workerslicerolebinding scope: Namespaced versions: - name: v1alpha1 schema: openAPIV3Schema: description: WorkerSliceRoleBinding is the Schema for the workerslicerolebindings API properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string bindings: properties: applyTo: description: ApplyTo contains information about the namespace and the Subjects. items: description: ApplyTo contains information about the namespace and the Subjects. It adds who information via Subjects and namespace information by which namespace it exists in. properties: namespace: description: Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. '*' Represents all namespaces type: string subjects: description: Subjects holds references to the objects the role applies to. items: description: Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names. properties: apiGroup: description: APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects. type: string kind: description: Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error. type: string name: description: Name of the object being referenced. type: string namespace: description: Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. type: string required: - kind - name type: object type: array type: object type: array rules: items: description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to. properties: apiGroups: description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed. items: type: string type: array nonResourceURLs: description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both. items: type: string type: array resourceNames: description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed. items: type: string type: array resources: description: Resources is a list of resources this rule applies to. '*' represents all resources. items: type: string type: array verbs: description: Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs. items: type: string type: array required: - verbs type: object type: array type: object kind: description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' type: string metadata: type: object status: properties: roleRefCondition: properties: condition: description: Condition defines conditions of the RoleRef, one of INVALID_RULE, INVALID_ROLE_BINDING. type: string lastUpdateTime: description: The last time this condition was updated. format: date-time type: string message: description: A human-readable message indicating details about the transition. type: string reason: description: The reason for the condition's last transition. type: string roleRef: description: Name, APIGroup and Kind of the RoleRef properties: apiVersion: description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' type: string kind: description: Kind is the type of resource being referenced type: string name: description: Name is the name of resource being referenced type: string required: - apiVersion - kind - name type: object status: description: Status of the condition, one of True, False, Unknown. type: string required: - condition - lastUpdateTime - reason - roleRef - status type: object type: object type: object served: true storage: true subresources: status: {} status: acceptedNames: kind: "" plural: "" conditions: [] storedVersions: [] --- apiVersion: v1 kind: ServiceAccount metadata: name: kubeslice-controller-controller-manager namespace: kubeslice-controller --- apiVersion: v1 kind: ServiceAccount metadata: name: kubeslice-controller-ovpn-manager namespace: kubeslice-controller --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: kubeslice-controller-leader-election-role namespace: kubeslice-controller rules: - apiGroups: - "" resources: - configmaps verbs: - get - list - watch - create - update - patch - delete - apiGroups: - coordination.k8s.io resources: - leases verbs: - get - list - watch - create - update - patch - delete - apiGroups: - "" resources: - events verbs: - create - patch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: creationTimestamp: null name: kubeslice-controller-controller-role rules: - apiGroups: - "" resources: - events verbs: - create - escalate - get - list - patch - update - watch - apiGroups: - "" resources: - namespaces verbs: - create - delete - escalate - get - list - patch - update - watch - apiGroups: - "" resources: - secrets verbs: - create - delete - escalate - get - list - patch - update - watch - apiGroups: - "" resources: - serviceaccounts verbs: - create - delete - get - list - patch - update - watch - apiGroups: - batch resources: - jobs verbs: - create - delete - get - list - patch - update - watch - apiGroups: - controller.kubeslice.io resources: - clusters - projects - serviceexportconfigs - sliceconfigs - slicenodeaffinities - sliceqosconfigs - sliceresourcequotaconfigs - slicerolebindings - sliceroletemplates verbs: - create - delete - get - list - patch - update - watch - apiGroups: - controller.kubeslice.io resources: - clusters/finalizers - projects/finalizers - serviceexportconfigs/finalizers - sliceconfigs/finalizers - slicenodeaffinities/finalizers - sliceqosconfigs/finalizers - sliceresourcequotaconfigs/finalizers - slicerolebindings/finalizers - sliceroletemplates/finalizers verbs: - update - apiGroups: - controller.kubeslice.io resources: - clusters/status - projects/status - serviceexportconfigs/status - sliceconfigs/status - slicenodeaffinities/status - sliceqosconfigs/status - sliceresourcequotaconfigs/status - slicerolebindings/status - sliceroletemplates/status verbs: - get - list - patch - update - watch - apiGroups: - rbac.authorization.k8s.io resources: - clusterroles - rolebindings - roles verbs: - create - delete - get - list - patch - update - watch - apiGroups: - worker.kubeslice.io resources: - workerserviceimports - workersliceconfigs - workerslicegateways - workerslicenodeaffinities - workersliceresourcequotas - workerslicerolebindings verbs: - create - delete - get - list - patch - update - watch - apiGroups: - worker.kubeslice.io resources: - workerserviceimports/finalizers - workersliceconfigs/finalizers - workerslicegateways/finalizers - workerslicenodeaffinities/finalizers - workersliceresourcequotas/finalizers - workerslicerolebindings/finalizers verbs: - update - apiGroups: - worker.kubeslice.io resources: - workerserviceimports/status - workersliceconfigs/status - workerslicegateways/status - workerslicenodeaffinities/status - workersliceresourcequotas/status - workerslicerolebindings/status verbs: - get - list - patch - update - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/version: v1.8.0 name: kubeslice-controller-kube-state-metrics rules: - apiGroups: - "" resources: - configmaps - secrets - nodes - pods - services - resourcequotas - replicationcontrollers - limitranges - persistentvolumeclaims - persistentvolumes - namespaces - endpoints verbs: - list - watch - apiGroups: - extensions resources: - daemonsets - deployments - replicasets - ingresses verbs: - list - watch - apiGroups: - apps resources: - statefulsets - daemonsets - deployments - replicasets verbs: - list - watch - apiGroups: - batch resources: - cronjobs - jobs verbs: - list - watch - apiGroups: - autoscaling resources: - horizontalpodautoscalers verbs: - list - watch - apiGroups: - authentication.k8s.io resources: - tokenreviews verbs: - create - apiGroups: - authorization.k8s.io resources: - subjectaccessreviews verbs: - create - apiGroups: - policy resources: - poddisruptionbudgets verbs: - list - watch - apiGroups: - certificates.k8s.io resources: - certificatesigningrequests verbs: - list - watch - apiGroups: - storage.k8s.io resources: - storageclasses - volumeattachments verbs: - list - watch - apiGroups: - admissionregistration.k8s.io resources: - mutatingwebhookconfigurations - validatingwebhookconfigurations verbs: - list - watch - apiGroups: - networking.k8s.io resources: - networkpolicies verbs: - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: kubeslice-controller-metrics-reader rules: - nonResourceURLs: - /metrics verbs: - get --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: kubeslice-controller-ovpn-editor-role rules: - apiGroups: - worker.kubeslice.io resources: - workerslicegateways verbs: - create - delete - get - list - patch - update - watch - apiGroups: - "" resources: - namespaces verbs: - escalate - get - list - patch - update - watch - apiGroups: - "" resources: - secrets verbs: - escalate - get - list - watch - update - patch - create - apiGroups: - worker.kubeslice.io resources: - workerslicegateways/status verbs: - get - patch - update --- {{ if .Values.kubeslice.prometheus.enabled}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: kubeslice-controller-prometheus rules: - apiGroups: - "" resources: - nodes - nodes/proxy - services - endpoints - pods verbs: - get - list - watch - apiGroups: - extensions resources: - ingresses verbs: - get - list - watch - nonResourceURLs: - /metrics verbs: - get {{ end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: name: kubeslice-controller-proxy-role rules: - apiGroups: - authentication.k8s.io resources: - tokenreviews verbs: - create - apiGroups: - authorization.k8s.io resources: - subjectaccessreviews verbs: - create --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: kubeslice-controller-leader-election-rolebinding namespace: kubeslice-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: Role name: kubeslice-controller-leader-election-role subjects: - kind: ServiceAccount name: kubeslice-controller-controller-manager namespace: kubeslice-controller --- {{ if .Values.kubeslice.prometheus.enabled}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: app.kubernetes.io/name: kube-state-metrics app.kubernetes.io/version: v1.8.0 name: kubeslice-controller-kube-state-metrics roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kubeslice-controller-kube-state-metrics subjects: - kind: ServiceAccount name: kube-state-metrics namespace: kube-system {{ end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kubeslice-controller-manager-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kubeslice-controller-controller-role subjects: - kind: ServiceAccount name: kubeslice-controller-controller-manager namespace: kubeslice-controller --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kubeslice-controller-ovpn-controller-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kubeslice-controller-ovpn-editor-role subjects: - kind: ServiceAccount name: kubeslice-controller-ovpn-manager namespace: kubeslice-controller --- {{ if .Values.kubeslice.prometheus.enabled}} apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kubeslice-controller-prometheus roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kubeslice-controller-prometheus subjects: - kind: ServiceAccount name: default namespace: kubeslice-controller {{ end }} --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: kubeslice-controller-proxy-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kubeslice-controller-proxy-role subjects: - kind: ServiceAccount name: kubeslice-controller-controller-manager namespace: kubeslice-controller --- apiVersion: v1 data: controller_manager_config.yaml: | apiVersion: controller-runtime.sigs.k8s.io/v1alpha1 kind: ControllerManagerConfig health: healthProbeBindAddress: :8081 metrics: bindAddress: 127.0.0.1:8080 webhook: port: 9443 leaderElection: leaderElect: true resourceName: 35a65c38.kubeslice.io kind: ConfigMap metadata: name: kubeslice-controller-manager-config namespace: kubeslice-controller --- {{ if .Values.kubeslice.prometheus.enabled}} apiVersion: v1 data: prometheus.rules: |- groups: - name: Resource Quota violation alerts rules: - alert: Slice Resource Quota Violation expr: kubeslice_controller_slice_quota_violation > 0 for: 1m labels: severity: critical annotations: summary: "Slice Resource Usage Exceeded Quota" description: "The slice {{ "{{" }} $labels.slice_name}} has CPU usage {{ "{{" }} $labels.cpu}} and memory usage {{ "{{" }} $labels.memory}}: violated by {{ "{{" }} $labels.violated_resource_type}}" - alert: Cluster Resource Quota Violation expr: kubeslice_controller_cluster_quota_violation > 0 for: 1m labels: severity: critical annotations: summary: "Cluster Resource Usage Exceeded Quota" description: "The cluster {{ "{{" }} $labels.cluster_name}} has CPU usage {{ "{{" }} $labels.cpu}} and memory usage {{ "{{" }} $labels.memory}}: violated by {{ "{{" }} $labels.violated_resource_type}}" - alert: Namespace Resource Quota Violation expr: kubeslice_controller_namespace_quota_violation > 0 for: 1m labels: severity: critical annotations: summary: "Namespace Resource Usage Exceeded Quota" description: "The namespace {{ "{{" }}$labels.namespace}} has CPU usage {{ "{{" }}$labels.cpu}} and memory usage {{ "{{" }}$labels.memory}}: violated by {{ "{{" }}$labels.violated_resource_type}}" prometheus.yml: |- global: scrape_interval: 5s evaluation_interval: 5s rule_files: - /etc/prometheus/prometheus.rules scrape_configs: - job_name: 'kubernetes-pods' kubernetes_sd_configs: - role: pod relabel_configs: - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape] action: keep regex: true - source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path] action: replace target_label: __metrics_path__ regex: (.+) - source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port] action: replace regex: ([^:]+)(?::\d+)?;(\d+) replacement: $1:$2 target_label: __address__ - action: labelmap regex: __meta_kubernetes_pod_label_(.+) - source_labels: [__meta_kubernetes_namespace] action: replace target_label: kubernetes_namespace - source_labels: [__meta_kubernetes_pod_name] action: replace target_label: kubernetes_pod_name kind: ConfigMap metadata: labels: name: prometheus-server-conf name: kubeslice-controller-prometheus-server-conf namespace: kubeslice-controller {{ end }} --- --- apiVersion: v1 kind: Service metadata: labels: control-plane: controller-manager name: kubeslice-controller-controller-manager-metrics-service namespace: kubeslice-controller spec: ports: - name: https port: 8443 protocol: TCP targetPort: https selector: control-plane: controller-manager --- {{ if .Values.kubeslice.prometheus.enabled}} apiVersion: v1 kind: Service metadata: name: kubeslice-controller-prometheus-service namespace: kubeslice-controller spec: ports: - port: 9090 targetPort: 9090 selector: app: prometheus-server type: ClusterIP {{ end }} --- apiVersion: v1 kind: Service metadata: name: kubeslice-controller-webhook-service namespace: kubeslice-controller spec: ports: - port: 443 protocol: TCP targetPort: 9443 selector: control-plane: controller-manager --- apiVersion: batch/v1 kind: Job metadata: name: kubeslice-controller-cleanup annotations: # This is what defines this resource as a hook. Without this line, the # job is considered part of the release. "helm.sh/hook": pre-delete "helm.sh/hook-delete-policy": hook-succeeded,hook-failed spec: template: spec: serviceAccountName: kubeslice-controller-controller-manager containers: - name: cleanup image: '{{ .Values.kubeslice.controller.image }}:{{ .Values.kubeslice.controller.tag }}' imagePullPolicy: '{{ .Values.kubeslice.controller.pullPolicy }}' command: - /cleanup env: - name: KUBESLICE_CONTROLLER_MANAGER_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace imagePullSecrets: - name: kubeslice-image-pull-secret restartPolicy: Never backoffLimit: 1 --- apiVersion: apps/v1 kind: Deployment metadata: labels: control-plane: controller-manager name: kubeslice-controller-manager namespace: kubeslice-controller spec: replicas: 1 selector: matchLabels: control-plane: controller-manager template: metadata: annotations: kubectl.kubernetes.io/default-container: manager prometheus.io/port: "18080" prometheus.io/scrape: "true" labels: control-plane: controller-manager spec: containers: - args: - --secure-listen-address=0.0.0.0:8443 - --upstream=http://127.0.0.1:8080/ - --logtostderr=true - --v=0 image: '{{ .Values.kubeslice.rbacproxy.image }}:{{ .Values.kubeslice.rbacproxy.tag }}' name: kube-rbac-proxy ports: - containerPort: 8443 name: https protocol: TCP - args: - --health-probe-bind-address=:8081 - --metrics-bind-address=127.0.0.1:8080 - --leader-elect - --log-level={{ required "A valid value is required!" .Values.kubeslice.controller.logLevel }} - --rbac-resource-prefix={{ required "A valid value is required!" .Values.kubeslice.controller.rbacResourcePrefix }} - --project-namespace-prefix={{ required "A valid value is required!" .Values.kubeslice.controller.projectnsPrefix }} - --controller-end-point={{ required "A valid value is required!" .Values.kubeslice.controller.endpoint }} - --prometheus-service-endpoint={{ required "A valid value is required!" .Values.kubeslice.prometheus.url}} - --ovpn-job-image={{ .Values.kubeslice.ovpnJob.image }}:{{ .Values.kubeslice.ovpnJob.tag }} command: - /manager env: - name: KUBESLICE_CONTROLLER_MANAGER_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace image: '{{ .Values.kubeslice.controller.image }}:{{ .Values.kubeslice.controller.tag }}' imagePullPolicy: '{{ .Values.kubeslice.controller.pullPolicy }}' livenessProbe: httpGet: path: /healthz port: 8081 initialDelaySeconds: 15 periodSeconds: 20 name: manager ports: - containerPort: 9443 name: webhook-server protocol: TCP readinessProbe: httpGet: path: /readyz port: 8081 initialDelaySeconds: 5 periodSeconds: 10 resources: limits: cpu: 500m memory: 128Mi requests: cpu: 10m memory: 64Mi securityContext: allowPrivilegeEscalation: false volumeMounts: - mountPath: /tmp/k8s-webhook-server/serving-certs name: cert readOnly: true securityContext: runAsNonRoot: true serviceAccountName: kubeslice-controller-controller-manager terminationGracePeriodSeconds: 10 volumes: - name: cert secret: defaultMode: 420 secretName: webhook-server-cert {{- if and .Values.imagePullSecrets .Values.imagePullSecrets.repository .Values.imagePullSecrets.username .Values.imagePullSecrets.password }} imagePullSecrets: - name: kubeslice-image-pull-secret {{- end }} --- {{ if .Values.kubeslice.prometheus.enabled}} apiVersion: apps/v1 kind: Deployment metadata: labels: app: prometheus-server name: kubeslice-controller-prometheus namespace: kubeslice-controller spec: replicas: 1 selector: matchLabels: app: prometheus-server strategy: rollingUpdate: maxSurge: 1 maxUnavailable: 0 type: RollingUpdate template: metadata: labels: app: prometheus-server spec: containers: - args: - --config.file=/etc/prometheus/prometheus.yml - --storage.tsdb.path=/prometheus/ image: prom/prometheus name: prometheus ports: - containerPort: 9090 volumeMounts: - mountPath: /etc/prometheus/ name: prometheus-config-volume - mountPath: /prometheus/ name: prometheus-storage-volume volumes: - configMap: defaultMode: 420 name: kubeslice-controller-prometheus-server-conf name: prometheus-config-volume - emptyDir: {} name: prometheus-storage-volume {{ end }} --- apiVersion: cert-manager.io/v1 kind: Certificate metadata: name: kubeslice-controller-serving-cert namespace: kubeslice-controller spec: dnsNames: - kubeslice-controller-webhook-service.kubeslice-controller.svc - kubeslice-controller-webhook-service.kubeslice-controller.svc.cluster.local issuerRef: kind: Issuer name: kubeslice-controller-selfsigned-issuer secretName: webhook-server-cert --- apiVersion: cert-manager.io/v1 kind: Issuer metadata: name: kubeslice-controller-selfsigned-issuer namespace: kubeslice-controller spec: selfSigned: {} --- apiVersion: admissionregistration.k8s.io/v1 kind: MutatingWebhookConfiguration metadata: annotations: cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert name: kubeslice-controller-mutating-webhook-configuration webhooks: - admissionReviewVersions: - v1 clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /mutate-controller-kubeslice-io-v1alpha1-sliceresourcequotaconfig failurePolicy: Fail name: msliceresourcequotaconfig.kb.io rules: - apiGroups: - controller.kubeslice.io apiVersions: - v1alpha1 operations: - CREATE - UPDATE resources: - sliceresourcequotaconfigs sideEffects: None - admissionReviewVersions: - v1 clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /mutate-controller-kubeslice-io-v1alpha1-slicerolebinding failurePolicy: Fail name: mslicerolebinding.kb.io rules: - apiGroups: - controller.kubeslice.io apiVersions: - v1alpha1 operations: - CREATE - UPDATE resources: - slicerolebindings sideEffects: None - admissionReviewVersions: - v1 clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /mutate-controller-kubeslice-io-v1alpha1-cluster failurePolicy: Fail name: mcluster.kb.io rules: - apiGroups: - controller.kubeslice.io apiVersions: - v1alpha1 operations: - CREATE - UPDATE resources: - clusters sideEffects: None - admissionReviewVersions: - v1 clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /mutate-controller-kubeslice-io-v1alpha1-project failurePolicy: Fail name: mproject.kb.io rules: - apiGroups: - controller.kubeslice.io apiVersions: - v1alpha1 operations: - CREATE - UPDATE resources: - projects sideEffects: None - admissionReviewVersions: - v1 clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /mutate-controller-kubeslice-io-v1alpha1-serviceexportconfig failurePolicy: Fail name: mserviceexportconfig.kb.io rules: - apiGroups: - controller.kubeslice.io apiVersions: - v1alpha1 operations: - CREATE - UPDATE resources: - serviceexportconfigs sideEffects: None - admissionReviewVersions: - v1 clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /mutate-controller-kubeslice-io-v1alpha1-sliceconfig failurePolicy: Fail name: msliceconfig.kb.io rules: - apiGroups: - controller.kubeslice.io apiVersions: - v1alpha1 operations: - CREATE - UPDATE resources: - sliceconfigs sideEffects: None - admissionReviewVersions: - v1 clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /mutate-controller-kubeslice-io-v1alpha1-sliceqosconfig failurePolicy: Fail name: msliceqosconfig.kb.io rules: - apiGroups: - controller.kubeslice.io apiVersions: - v1alpha1 operations: - CREATE - UPDATE resources: - sliceqosconfigs sideEffects: None - admissionReviewVersions: - v1 clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /mutate-worker-kubeslice-io-v1alpha1-workersliceconfig failurePolicy: Fail name: mworkersliceconfig.kb.io rules: - apiGroups: - worker.kubeslice.io apiVersions: - v1alpha1 operations: - CREATE - UPDATE resources: - workersliceconfigs sideEffects: None - admissionReviewVersions: - v1 clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /mutate-worker-kubeslice-io-v1alpha1-workerslicegateway failurePolicy: Fail name: mworkerslicegateway.kb.io rules: - apiGroups: - worker.kubeslice.io apiVersions: - v1alpha1 operations: - CREATE - UPDATE resources: - workerslicegateways sideEffects: None --- apiVersion: admissionregistration.k8s.io/v1 kind: ValidatingWebhookConfiguration metadata: annotations: cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert name: kubeslice-controller-validating-webhook-configuration webhooks: - admissionReviewVersions: - v1 clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /validate-controller-kubeslice-io-v1alpha1-sliceresourcequotaconfig failurePolicy: Fail name: vsliceresourcequotaconfig.kb.io rules: - apiGroups: - controller.kubeslice.io apiVersions: - v1alpha1 operations: - CREATE - UPDATE - DELETE resources: - sliceresourcequotaconfigs sideEffects: None - admissionReviewVersions: - v1 clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /validate-controller-kubeslice-io-v1alpha1-slicerolebinding failurePolicy: Fail name: vslicerolebinding.kb.io rules: - apiGroups: - controller.kubeslice.io apiVersions: - v1alpha1 operations: - CREATE - UPDATE - DELETE resources: - slicerolebindings sideEffects: None - admissionReviewVersions: - v1 clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /validate-controller-kubeslice-io-v1alpha1-sliceroletemplate failurePolicy: Fail name: vsliceroletemplate.kb.io rules: - apiGroups: - controller.kubeslice.io apiVersions: - v1alpha1 operations: - CREATE - UPDATE - DELETE resources: - sliceroletemplates sideEffects: None - admissionReviewVersions: - v1 clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /validate-controller-kubeslice-io-v1alpha1-cluster failurePolicy: Fail name: vcluster.kb.io rules: - apiGroups: - controller.kubeslice.io apiVersions: - v1alpha1 operations: - CREATE - UPDATE - DELETE resources: - clusters sideEffects: None - admissionReviewVersions: - v1 clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /validate-controller-kubeslice-io-v1alpha1-project failurePolicy: Fail name: vproject.kb.io rules: - apiGroups: - controller.kubeslice.io apiVersions: - v1alpha1 operations: - CREATE - UPDATE - DELETE resources: - projects sideEffects: None - admissionReviewVersions: - v1 clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /validate-controller-kubeslice-io-v1alpha1-serviceexportconfig failurePolicy: Fail name: vserviceexportconfig.kb.io rules: - apiGroups: - controller.kubeslice.io apiVersions: - v1alpha1 operations: - CREATE - UPDATE resources: - serviceexportconfigs sideEffects: None - admissionReviewVersions: - v1 clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /validate-controller-kubeslice-io-v1alpha1-sliceconfig failurePolicy: Fail name: vsliceconfig.kb.io rules: - apiGroups: - controller.kubeslice.io apiVersions: - v1alpha1 operations: - CREATE - UPDATE - DELETE resources: - sliceconfigs sideEffects: None - admissionReviewVersions: - v1 clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /validate-controller-kubeslice-io-v1alpha1-sliceqosconfig failurePolicy: Fail name: vsliceqosconfig.kb.io rules: - apiGroups: - controller.kubeslice.io apiVersions: - v1alpha1 operations: - CREATE - UPDATE - DELETE resources: - sliceqosconfigs sideEffects: None - admissionReviewVersions: - v1 clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /validate-worker-kubeslice-io-v1alpha1-workersliceconfig failurePolicy: Fail name: vworkersliceconfig.kb.io rules: - apiGroups: - worker.kubeslice.io apiVersions: - v1alpha1 operations: - CREATE - UPDATE resources: - workersliceconfigs sideEffects: None - admissionReviewVersions: - v1 clientConfig: service: name: kubeslice-controller-webhook-service namespace: kubeslice-controller path: /validate-worker-kubeslice-io-v1alpha1-workerslicegateway failurePolicy: Fail name: vworkerslicegateway.kb.io rules: - apiGroups: - worker.kubeslice.io apiVersions: - v1alpha1 operations: - CREATE - UPDATE resources: - workerslicegateways sideEffects: None