3636 lines
142 KiB
YAML
3636 lines
142 KiB
YAML
---
|
|
{{- if and .Values.imagePullSecrets .Values.imagePullSecrets.repository .Values.imagePullSecrets.username .Values.imagePullSecrets.password }}
|
|
apiVersion: v1
|
|
data:
|
|
.dockerconfigjson: {{
|
|
printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}"
|
|
.Values.imagePullSecrets.repository
|
|
.Values.imagePullSecrets.username
|
|
.Values.imagePullSecrets.password
|
|
.Values.imagePullSecrets.email
|
|
(printf "%s:%s" .Values.imagePullSecrets.username .Values.imagePullSecrets.password | b64enc)
|
|
| b64enc
|
|
}}
|
|
kind: Secret
|
|
metadata:
|
|
name: kubeslice-image-pull-secret
|
|
namespace: kubeslice-controller
|
|
type: kubernetes.io/dockerconfigjson
|
|
{{- end }}
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.7.0
|
|
creationTimestamp: null
|
|
name: clusters.controller.kubeslice.io
|
|
spec:
|
|
group: controller.kubeslice.io
|
|
names:
|
|
kind: Cluster
|
|
listKind: ClusterList
|
|
plural: clusters
|
|
singular: cluster
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: Cluster is the Schema for the clusters API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: ClusterSpec defines the desired state of Cluster
|
|
properties:
|
|
clusterProperty:
|
|
description: put in an object
|
|
properties:
|
|
geoLocation:
|
|
description: GeoLocation contains information regarding Geographical Location of the Cluster
|
|
properties:
|
|
cloudProvider:
|
|
description: CloudProvider is the cloud service provider
|
|
type: string
|
|
cloudRegion:
|
|
description: CloudRegion is the region of the cloud
|
|
type: string
|
|
latitude:
|
|
description: Latitude is the latitude of the cluster
|
|
type: string
|
|
longitude:
|
|
description: Longitude is the longitude of the cluster
|
|
type: string
|
|
type: object
|
|
monitoring:
|
|
description: Monitoring contains the Kubernetes Monitoring Dashboard
|
|
properties:
|
|
kubernetesDashboard:
|
|
description: KubernetesDashboard contains the information regarding Kubernetes Monitoring Dashboard
|
|
properties:
|
|
accessToken:
|
|
description: AccessToken is the Access Token to access the KubernetesDashboard
|
|
type: string
|
|
enabled:
|
|
description: Enabled is the enable status of the KubernetesDashboard
|
|
type: boolean
|
|
endpoint:
|
|
description: Endpoint is the base endpoint to access the kubernetes dashboard
|
|
type: string
|
|
ingressPrefix:
|
|
description: IngressPrefix is the prefix of ingress gateway for KubernetesDashboard
|
|
type: string
|
|
type: object
|
|
type: object
|
|
telemetry:
|
|
description: Telemetry contains Telemetry information
|
|
properties:
|
|
enabled:
|
|
description: Enabled is the enable status of the Telemetry
|
|
type: boolean
|
|
endpoint:
|
|
description: Endpoint is the Telemetry Endpoint
|
|
type: string
|
|
telemetryProvider:
|
|
description: TelemetryProvider is the Telemetry Provider information
|
|
type: string
|
|
type: object
|
|
type: object
|
|
networkInterface:
|
|
description: NetworkInterface is the network interface attached with the cluster.
|
|
type: string
|
|
nodeIP:
|
|
description: NodeIP is the IP address of the Node
|
|
type: string
|
|
type: object
|
|
status:
|
|
description: ClusterStatus defines the observed state of Cluster
|
|
properties:
|
|
cniSubnet:
|
|
description: CniSubnet is the podip and service ip subnet of CNI
|
|
items:
|
|
type: string
|
|
type: array
|
|
namespaces:
|
|
description: Namespaces present in cluster
|
|
items:
|
|
properties:
|
|
name:
|
|
type: string
|
|
sliceName:
|
|
type: string
|
|
type: object
|
|
type: array
|
|
secretName:
|
|
description: SecretName is the name of the secret for the worker cluster.
|
|
type: string
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.7.0
|
|
creationTimestamp: null
|
|
name: projects.controller.kubeslice.io
|
|
spec:
|
|
group: controller.kubeslice.io
|
|
names:
|
|
kind: Project
|
|
listKind: ProjectList
|
|
plural: projects
|
|
singular: project
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: Project is the Schema for the projects API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: ProjectSpec defines the desired state of Project
|
|
properties:
|
|
serviceAccount:
|
|
description: ServiceAccount is a field of Project. Edit project_types.go to remove/update
|
|
properties:
|
|
readOnly:
|
|
items:
|
|
type: string
|
|
type: array
|
|
readWrite:
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
type: object
|
|
status:
|
|
description: ProjectStatus defines the observed state of Project
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.7.0
|
|
creationTimestamp: null
|
|
name: serviceexportconfigs.controller.kubeslice.io
|
|
spec:
|
|
group: controller.kubeslice.io
|
|
names:
|
|
kind: ServiceExportConfig
|
|
listKind: ServiceExportConfigList
|
|
plural: serviceexportconfigs
|
|
singular: serviceexportconfig
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: ServiceExportConfig is the Schema for the serviceexportconfigs API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: ServiceExportConfigSpec defines the desired state of ServiceExportConfig
|
|
properties:
|
|
serviceDiscoveryEndpoints:
|
|
description: the service discovery endpoint array
|
|
items:
|
|
properties:
|
|
cluster:
|
|
description: The ID of the cluster.
|
|
type: string
|
|
dnsName:
|
|
description: the dns_name of the service
|
|
type: string
|
|
nsmIp:
|
|
description: The NSM IP address.
|
|
type: string
|
|
podName:
|
|
description: The name of the pod.
|
|
type: string
|
|
port:
|
|
description: port of the service
|
|
format: int32
|
|
type: integer
|
|
type: object
|
|
type: array
|
|
serviceDiscoveryPorts:
|
|
description: The ports for the given service.
|
|
items:
|
|
properties:
|
|
name:
|
|
description: The name of the port.
|
|
type: string
|
|
port:
|
|
description: The port number.
|
|
format: int32
|
|
type: integer
|
|
protocol:
|
|
description: The protocol.
|
|
type: string
|
|
type: object
|
|
type: array
|
|
serviceName:
|
|
description: ServiceName is the name of the service
|
|
type: string
|
|
serviceNamespace:
|
|
type: string
|
|
sliceName:
|
|
description: The name of the slice.
|
|
type: string
|
|
sourceCluster:
|
|
description: clusterId is the id of the cluster where the service is available.
|
|
type: string
|
|
required:
|
|
- serviceName
|
|
- sliceName
|
|
- sourceCluster
|
|
type: object
|
|
status:
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.7.0
|
|
creationTimestamp: null
|
|
name: sliceconfigs.controller.kubeslice.io
|
|
spec:
|
|
group: controller.kubeslice.io
|
|
names:
|
|
kind: SliceConfig
|
|
listKind: SliceConfigList
|
|
plural: sliceconfigs
|
|
singular: sliceconfig
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: SliceConfig is the Schema for the sliceconfig API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: SliceConfigSpec defines the desired state of SliceConfig
|
|
properties:
|
|
clusters:
|
|
items:
|
|
type: string
|
|
type: array
|
|
externalGatewayConfig:
|
|
items:
|
|
description: ExternalGatewayConfig is the configuration for external gateways like 'istio', etc/
|
|
properties:
|
|
clusters:
|
|
items:
|
|
type: string
|
|
type: array
|
|
egress:
|
|
properties:
|
|
enabled:
|
|
type: boolean
|
|
type: object
|
|
gatewayType:
|
|
enum:
|
|
- none
|
|
- istio
|
|
type: string
|
|
ingress:
|
|
properties:
|
|
enabled:
|
|
type: boolean
|
|
type: object
|
|
nsIngress:
|
|
properties:
|
|
enabled:
|
|
type: boolean
|
|
type: object
|
|
type: object
|
|
type: array
|
|
maxClusters:
|
|
default: 16
|
|
maximum: 32
|
|
minimum: 2
|
|
type: integer
|
|
namespaceIsolationProfile:
|
|
properties:
|
|
allowedNamespaces:
|
|
items:
|
|
properties:
|
|
clusters:
|
|
items:
|
|
type: string
|
|
type: array
|
|
namespace:
|
|
type: string
|
|
type: object
|
|
type: array
|
|
applicationNamespaces:
|
|
items:
|
|
properties:
|
|
clusters:
|
|
items:
|
|
type: string
|
|
type: array
|
|
namespace:
|
|
type: string
|
|
type: object
|
|
type: array
|
|
isolationEnabled:
|
|
default: false
|
|
type: boolean
|
|
type: object
|
|
qosProfileDetails:
|
|
description: The custom QOS Profile Details
|
|
properties:
|
|
bandwidthCeilingKbps:
|
|
type: integer
|
|
bandwidthGuaranteedKbps:
|
|
type: integer
|
|
dscpClass:
|
|
enum:
|
|
- Default
|
|
- AF11
|
|
- AF12
|
|
- AF13
|
|
- AF21
|
|
- AF22
|
|
- AF23
|
|
- AF31
|
|
- AF32
|
|
- AF33
|
|
- AF41
|
|
- AF42
|
|
- AF43
|
|
- EF
|
|
type: string
|
|
priority:
|
|
type: integer
|
|
queueType:
|
|
default: HTB
|
|
type: string
|
|
tcType:
|
|
default: BANDWIDTH_CONTROL
|
|
type: string
|
|
required:
|
|
- bandwidthCeilingKbps
|
|
- bandwidthGuaranteedKbps
|
|
- dscpClass
|
|
- priority
|
|
- queueType
|
|
- tcType
|
|
type: object
|
|
sliceGatewayProvider:
|
|
description: WorkerSliceGatewayProvider defines the configuration for slicegateway
|
|
properties:
|
|
sliceCaType:
|
|
default: Local
|
|
type: string
|
|
sliceGatewayType:
|
|
default: OpenVPN
|
|
type: string
|
|
required:
|
|
- sliceCaType
|
|
- sliceGatewayType
|
|
type: object
|
|
sliceIpamType:
|
|
default: Local
|
|
type: string
|
|
sliceSubnet:
|
|
type: string
|
|
sliceType:
|
|
default: Application
|
|
type: string
|
|
standardQosProfileName:
|
|
type: string
|
|
required:
|
|
- sliceGatewayProvider
|
|
type: object
|
|
status:
|
|
description: SliceConfigStatus defines the observed state of SliceConfig
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert
|
|
controller-gen.kubebuilder.io/version: v0.7.0
|
|
name: slicenodeaffinities.controller.kubeslice.io
|
|
spec:
|
|
conversion:
|
|
strategy: Webhook
|
|
webhook:
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /convert
|
|
conversionReviewVersions:
|
|
- v1
|
|
group: controller.kubeslice.io
|
|
names:
|
|
kind: SliceNodeAffinity
|
|
listKind: SliceNodeAffinityList
|
|
plural: slicenodeaffinities
|
|
singular: slicenodeaffinity
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: SliceNodeAffinity is the Schema for the slicenodeaffinities API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: SliceNodeAffinitySpec defines the desired state of SliceNodeAffinity
|
|
properties:
|
|
nodeAffinityProfiles:
|
|
description: NodeAffinityProfiles defines the node affinity profile for the slice
|
|
items:
|
|
properties:
|
|
cluster:
|
|
description: Cluster is the cluster in the slice this rule applies to
|
|
type: string
|
|
nodeAffinityRules:
|
|
description: NodeAffinityRules defines the node affinity profile for the slice
|
|
items:
|
|
properties:
|
|
namespace:
|
|
description: Namespace is the namespace in the slice this rule applies to
|
|
type: string
|
|
nodeSelectorLabels:
|
|
description: NodeSelectorLabels defines the label selectors to select nodes for assigning to pods
|
|
items:
|
|
description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: array
|
|
type: object
|
|
status:
|
|
description: SliceNodeAffinityStatus defines the observed state of SliceNodeAffinity
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.7.0
|
|
creationTimestamp: null
|
|
name: sliceqosconfigs.controller.kubeslice.io
|
|
spec:
|
|
group: controller.kubeslice.io
|
|
names:
|
|
kind: SliceQoSConfig
|
|
listKind: SliceQoSConfigList
|
|
plural: sliceqosconfigs
|
|
singular: sliceqosconfig
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: SliceQoSConfig is the Schema for the sliceqosconfigs API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: SliceQoSConfigSpec defines the desired state of SliceQoSConfig
|
|
properties:
|
|
bandwidthCeilingKbps:
|
|
type: integer
|
|
bandwidthGuaranteedKbps:
|
|
type: integer
|
|
dscpClass:
|
|
enum:
|
|
- Default
|
|
- AF11
|
|
- AF12
|
|
- AF13
|
|
- AF21
|
|
- AF22
|
|
- AF23
|
|
- AF31
|
|
- AF32
|
|
- AF33
|
|
- AF41
|
|
- AF42
|
|
- AF43
|
|
- EF
|
|
type: string
|
|
priority:
|
|
type: integer
|
|
queueType:
|
|
enum:
|
|
- HTB
|
|
type: string
|
|
tcType:
|
|
enum:
|
|
- BANDWIDTH_CONTROL
|
|
type: string
|
|
required:
|
|
- bandwidthCeilingKbps
|
|
- bandwidthGuaranteedKbps
|
|
- dscpClass
|
|
- priority
|
|
- queueType
|
|
- tcType
|
|
type: object
|
|
status:
|
|
description: SliceQoSConfigStatus defines the observed state of SliceQoSConfig
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert
|
|
controller-gen.kubebuilder.io/version: v0.7.0
|
|
name: sliceresourcequotaconfigs.controller.kubeslice.io
|
|
spec:
|
|
conversion:
|
|
strategy: Webhook
|
|
webhook:
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /convert
|
|
conversionReviewVersions:
|
|
- v1
|
|
group: controller.kubeslice.io
|
|
names:
|
|
kind: SliceResourceQuotaConfig
|
|
listKind: SliceResourceQuotaConfigList
|
|
plural: sliceresourcequotaconfigs
|
|
singular: sliceresourcequotaconfig
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: SliceResourceQuotaConfig is the Schema for the sliceresourcequotaconfigs API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: SliceResourceQuotaConfigSpec defines the desired state of SliceResourceQuotaConfig
|
|
properties:
|
|
clusterQuota:
|
|
description: ClusterQuota defines the configuration for cluster quota of a resource quota
|
|
items:
|
|
description: ClusterQuota defines the configuration for cluster quota of a resource quota
|
|
properties:
|
|
clusterName:
|
|
description: ClusterName defines the name of the cluster in ClusterQuota
|
|
type: string
|
|
namespaceQuota:
|
|
description: NamespaceQuota defines the configuration for namespace quota of a ClusterQuota
|
|
items:
|
|
description: NamespaceQuota defines the configuration for namespace quota of a NamespaceQuota
|
|
properties:
|
|
enforceQuota:
|
|
default: false
|
|
description: EnforceQuota defines the enforceQuota status flag for NamespaceQuota
|
|
type: boolean
|
|
namespace:
|
|
description: Namespace defines the namespace of the NamespaceQuota
|
|
type: string
|
|
resources:
|
|
description: Resources defines the configuration for resources for NamespaceQuota
|
|
properties:
|
|
defaultLimitPerContainer:
|
|
properties:
|
|
cpu:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: CPU in cores. (500m = .5 cores)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
ephemeralStorage:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
memory:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
type: object
|
|
defaultRequestPerContainer:
|
|
properties:
|
|
cpu:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: CPU in cores. (500m = .5 cores)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
ephemeralStorage:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
memory:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
type: object
|
|
limit:
|
|
description: LimitResourceList is a set of (resource name, quantity) pairs.
|
|
properties:
|
|
cpu:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: CPU in cores. (500m = .5 cores)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
ephemeralStorage:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
memory:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
podCount:
|
|
description: PodCount in number.
|
|
format: int64
|
|
type: integer
|
|
type: object
|
|
request:
|
|
description: RequestResourceList is a set of (resource name, quantity) pairs.
|
|
properties:
|
|
cpu:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: CPU in cores. (500m = .5 cores)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
ephemeralStorage:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
memory:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
type: object
|
|
type: object
|
|
type: object
|
|
type: array
|
|
resources:
|
|
description: Resources defines the configuration for resources for ClusterQuota
|
|
properties:
|
|
limit:
|
|
description: LimitResourceList is a set of (resource name, quantity) pairs.
|
|
properties:
|
|
cpu:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: CPU in cores. (500m = .5 cores)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
ephemeralStorage:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
memory:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
podCount:
|
|
description: PodCount in number.
|
|
format: int64
|
|
type: integer
|
|
type: object
|
|
request:
|
|
description: RequestResourceList is a set of (resource name, quantity) pairs.
|
|
properties:
|
|
cpu:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: CPU in cores. (500m = .5 cores)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
ephemeralStorage:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
memory:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
type: object
|
|
type: object
|
|
type: object
|
|
type: array
|
|
sliceQuota:
|
|
description: SliceQuota defines the configuration for slice quota of a resource quota
|
|
properties:
|
|
resources:
|
|
description: Resources defines the configuration for resources for SliceQuota
|
|
properties:
|
|
defaultRequestPerContainer:
|
|
properties:
|
|
cpu:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: CPU in cores. (500m = .5 cores)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
ephemeralStorage:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
memory:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
type: object
|
|
limit:
|
|
description: LimitResourceList is a set of (resource name, quantity) pairs.
|
|
properties:
|
|
cpu:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: CPU in cores. (500m = .5 cores)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
ephemeralStorage:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
memory:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
podCount:
|
|
description: PodCount in number.
|
|
format: int64
|
|
type: integer
|
|
type: object
|
|
request:
|
|
description: RequestResourceList is a set of (resource name, quantity) pairs.
|
|
properties:
|
|
cpu:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: CPU in cores. (500m = .5 cores)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
ephemeralStorage:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
memory:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
type: object
|
|
type: object
|
|
type: object
|
|
type: object
|
|
status:
|
|
description: SliceResourceQuotaConfigStatus defines the observed state of SliceResourceQuotaConfig
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert
|
|
controller-gen.kubebuilder.io/version: v0.7.0
|
|
name: slicerolebindings.controller.kubeslice.io
|
|
spec:
|
|
conversion:
|
|
strategy: Webhook
|
|
webhook:
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /convert
|
|
conversionReviewVersions:
|
|
- v1
|
|
group: controller.kubeslice.io
|
|
names:
|
|
kind: SliceRoleBinding
|
|
listKind: SliceRoleBindingList
|
|
plural: slicerolebindings
|
|
singular: slicerolebinding
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: SliceRoleBinding is the Schema for the slicerolebindings API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
bindings:
|
|
items:
|
|
description: RoleBinding references a role, but does not contain it.
|
|
properties:
|
|
applyTo:
|
|
description: ApplyTo contains information about the namespace and the Subjects.
|
|
items:
|
|
description: ApplyTo contains information about the namespace and the Subjects. It adds who information via Subjects and namespace information by which namespace it exists in.
|
|
properties:
|
|
namespace:
|
|
description: Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. '*' Represents all namespaces
|
|
type: string
|
|
subjects:
|
|
description: Subjects holds references to the objects the role applies to.
|
|
items:
|
|
description: Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names.
|
|
properties:
|
|
apiGroup:
|
|
description: APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
|
|
type: string
|
|
kind:
|
|
description: Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error.
|
|
type: string
|
|
name:
|
|
description: Name of the object being referenced.
|
|
type: string
|
|
namespace:
|
|
description: Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error.
|
|
type: string
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: array
|
|
roleRef:
|
|
description: RoleRef can reference a Role in the current namespace or a ClusterRole in the global namespace. If the RoleRef cannot be resolved, the Authorizer must return an error.
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: Kind is the type of resource being referenced
|
|
type: string
|
|
name:
|
|
description: Name is the name of resource being referenced
|
|
type: string
|
|
required:
|
|
- apiVersion
|
|
- kind
|
|
- name
|
|
type: object
|
|
type: object
|
|
type: array
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
status:
|
|
properties:
|
|
roleRefConditions:
|
|
items:
|
|
properties:
|
|
condition:
|
|
description: Condition defines conditions of a RoleRef, one of INVALID_NS, NOT_ACCESSIBLE, INVALID_RULE, INVALID_ROLE_BINDING.
|
|
type: string
|
|
lastUpdateTime:
|
|
description: The last time this condition was updated.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: A human-readable message indicating details about the transition.
|
|
type: string
|
|
namespace:
|
|
description: Name of the Namespace in case of INVALID_NS condition.
|
|
type: string
|
|
reason:
|
|
description: The reason for the condition's last transition.
|
|
type: string
|
|
roleRef:
|
|
description: Name, APIVersion and Kind of the RoleRef
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: Kind is the type of resource being referenced
|
|
type: string
|
|
name:
|
|
description: Name is the name of resource being referenced
|
|
type: string
|
|
required:
|
|
- apiVersion
|
|
- kind
|
|
- name
|
|
type: object
|
|
status:
|
|
description: Status of the condition, one of True, False, Unknown.
|
|
type: string
|
|
required:
|
|
- condition
|
|
- lastUpdateTime
|
|
- reason
|
|
- roleRef
|
|
- status
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert
|
|
controller-gen.kubebuilder.io/version: v0.7.0
|
|
name: sliceroletemplates.controller.kubeslice.io
|
|
spec:
|
|
conversion:
|
|
strategy: Webhook
|
|
webhook:
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /convert
|
|
conversionReviewVersions:
|
|
- v1
|
|
group: controller.kubeslice.io
|
|
names:
|
|
kind: SliceRoleTemplate
|
|
listKind: SliceRoleTemplateList
|
|
plural: sliceroletemplates
|
|
singular: sliceroletemplate
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: SliceRoleTemplate is the Schema for the sliceroletemplates API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
rules:
|
|
items:
|
|
description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.
|
|
properties:
|
|
apiGroups:
|
|
description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
|
|
items:
|
|
type: string
|
|
type: array
|
|
nonResourceURLs:
|
|
description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
|
|
items:
|
|
type: string
|
|
type: array
|
|
resourceNames:
|
|
description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
|
|
items:
|
|
type: string
|
|
type: array
|
|
resources:
|
|
description: Resources is a list of resources this rule applies to. '*' represents all resources.
|
|
items:
|
|
type: string
|
|
type: array
|
|
verbs:
|
|
description: Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- verbs
|
|
type: object
|
|
type: array
|
|
status:
|
|
description: SliceRoleTemplateStatus defines the observed state of SliceResourceQuotaConfig
|
|
type: object
|
|
required:
|
|
- rules
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.7.0
|
|
creationTimestamp: null
|
|
name: workerserviceimports.worker.kubeslice.io
|
|
spec:
|
|
group: worker.kubeslice.io
|
|
names:
|
|
kind: WorkerServiceImport
|
|
listKind: WorkerServiceImportList
|
|
plural: workerserviceimports
|
|
singular: workerserviceimport
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: WorkerServiceImport is the Schema for the workerserviceimport API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: WorkerServiceImportSpec defines the desired state of WorkerServiceImport
|
|
properties:
|
|
serviceDiscoveryEndpoints:
|
|
description: the service discovery endpoint array
|
|
items:
|
|
properties:
|
|
cluster:
|
|
description: The ID of the cluster.
|
|
type: string
|
|
dnsName:
|
|
description: the dns_name of the service
|
|
type: string
|
|
nsmIp:
|
|
description: The NSM IP address.
|
|
type: string
|
|
podName:
|
|
description: The name of the pod.
|
|
type: string
|
|
port:
|
|
description: port of the service
|
|
format: int32
|
|
type: integer
|
|
type: object
|
|
type: array
|
|
serviceDiscoveryPorts:
|
|
description: The ports for the given service.
|
|
items:
|
|
properties:
|
|
name:
|
|
description: The name of the port.
|
|
type: string
|
|
port:
|
|
description: The port number.
|
|
format: int32
|
|
type: integer
|
|
protocol:
|
|
description: The protocol.
|
|
type: string
|
|
type: object
|
|
type: array
|
|
serviceName:
|
|
description: ServiceName is the name of the service
|
|
type: string
|
|
serviceNamespace:
|
|
description: ServiceNamespace is the namespace of the service
|
|
type: string
|
|
sliceName:
|
|
description: The name of the slice.
|
|
type: string
|
|
sourceClusters:
|
|
description: clusterId is the id of the cluster where the service is available.
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
status:
|
|
description: WorkerServiceImportStatus defines the observed state of WorkerServiceImport
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.7.0
|
|
creationTimestamp: null
|
|
name: workersliceconfigs.worker.kubeslice.io
|
|
spec:
|
|
group: worker.kubeslice.io
|
|
names:
|
|
kind: WorkerSliceConfig
|
|
listKind: WorkerSliceConfigList
|
|
plural: workersliceconfigs
|
|
singular: workersliceconfig
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: WorkerSliceConfig is the Schema for the slice API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: WorkerSliceConfigSpec defines the desired state of Slice
|
|
properties:
|
|
clusterSubnetCIDR:
|
|
type: string
|
|
externalGatewayConfig:
|
|
properties:
|
|
egress:
|
|
properties:
|
|
enabled:
|
|
type: boolean
|
|
type: object
|
|
gatewayType:
|
|
enum:
|
|
- none
|
|
- istio
|
|
type: string
|
|
ingress:
|
|
properties:
|
|
enabled:
|
|
type: boolean
|
|
type: object
|
|
nsIngress:
|
|
properties:
|
|
enabled:
|
|
type: boolean
|
|
type: object
|
|
type: object
|
|
ipamClusterOctet:
|
|
type: integer
|
|
namespaceIsolationProfile:
|
|
properties:
|
|
allowedNamespaces:
|
|
items:
|
|
type: string
|
|
type: array
|
|
applicationNamespaces:
|
|
items:
|
|
type: string
|
|
type: array
|
|
isolationEnabled:
|
|
default: false
|
|
type: boolean
|
|
type: object
|
|
octet:
|
|
type: integer
|
|
qosProfileDetails:
|
|
description: QOSProfile is the QOS Profile configuration from backend
|
|
properties:
|
|
bandwidthCeilingKbps:
|
|
type: integer
|
|
bandwidthGuaranteedKbps:
|
|
type: integer
|
|
dscpClass:
|
|
enum:
|
|
- Default
|
|
- AF11
|
|
- AF12
|
|
- AF13
|
|
- AF21
|
|
- AF22
|
|
- AF23
|
|
- AF31
|
|
- AF32
|
|
- AF33
|
|
- AF41
|
|
- AF42
|
|
- AF43
|
|
- EF
|
|
type: string
|
|
priority:
|
|
type: integer
|
|
queueType:
|
|
default: HTB
|
|
type: string
|
|
tcType:
|
|
type: string
|
|
type: object
|
|
sliceGatewayProvider:
|
|
description: WorkerSliceGatewayProvider defines the configuration for slicegateway
|
|
properties:
|
|
sliceCaType:
|
|
default: Local
|
|
type: string
|
|
sliceGatewayType:
|
|
default: OpenVPN
|
|
type: string
|
|
type: object
|
|
sliceIpamType:
|
|
default: Local
|
|
type: string
|
|
sliceName:
|
|
type: string
|
|
sliceSubnet:
|
|
type: string
|
|
sliceType:
|
|
default: Application
|
|
type: string
|
|
required:
|
|
- octet
|
|
type: object
|
|
status:
|
|
description: WorkerSliceConfigStatus defines the observed state of Slice
|
|
properties:
|
|
connectedAppPods:
|
|
items:
|
|
description: AppPod defines the app pods connected to slice
|
|
properties:
|
|
nsmInterface:
|
|
description: NsmInterface is the nsm interface of App
|
|
type: string
|
|
nsmIp:
|
|
description: NsmIP is the nsm ip of App
|
|
type: string
|
|
nsmPeerIp:
|
|
description: PeerIp is the nsm peer ip of gateway
|
|
type: string
|
|
podIp:
|
|
description: PodIP is App Pod IP
|
|
type: string
|
|
podName:
|
|
description: PodName is App Pod Name
|
|
type: string
|
|
podNamespace:
|
|
description: PodNamespace is App Pod Namespace
|
|
type: string
|
|
type: object
|
|
type: array
|
|
onboardedAppNamespaces:
|
|
items:
|
|
properties:
|
|
name:
|
|
type: string
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.7.0
|
|
creationTimestamp: null
|
|
name: workerslicegateways.worker.kubeslice.io
|
|
spec:
|
|
group: worker.kubeslice.io
|
|
names:
|
|
kind: WorkerSliceGateway
|
|
listKind: WorkerSliceGatewayList
|
|
plural: workerslicegateways
|
|
singular: workerslicegateway
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: WorkerSliceGateway is the Schema for the slicegateways API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: WorkerSliceGatewaySpec defines the desired state of WorkerSliceGateway
|
|
properties:
|
|
gatewayCredentials:
|
|
properties:
|
|
secretName:
|
|
type: string
|
|
type: object
|
|
gatewayHostType:
|
|
enum:
|
|
- Client
|
|
- Server
|
|
type: string
|
|
gatewayNumber:
|
|
type: integer
|
|
gatewayType:
|
|
default: OpenVPN
|
|
type: string
|
|
localGatewayConfig:
|
|
properties:
|
|
clusterName:
|
|
type: string
|
|
gatewayName:
|
|
type: string
|
|
gatewaySubnet:
|
|
type: string
|
|
nodeIp:
|
|
type: string
|
|
nodePort:
|
|
type: integer
|
|
vpnIp:
|
|
type: string
|
|
type: object
|
|
remoteGatewayConfig:
|
|
properties:
|
|
clusterName:
|
|
type: string
|
|
gatewayName:
|
|
type: string
|
|
gatewaySubnet:
|
|
type: string
|
|
nodeIp:
|
|
type: string
|
|
nodePort:
|
|
type: integer
|
|
vpnIp:
|
|
type: string
|
|
type: object
|
|
sliceName:
|
|
type: string
|
|
type: object
|
|
status:
|
|
description: WorkerSliceGatewayStatus defines the observed state of WorkerSliceGateway
|
|
properties:
|
|
clusterInsertionIndex:
|
|
type: integer
|
|
gatewayNumber:
|
|
type: integer
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert
|
|
controller-gen.kubebuilder.io/version: v0.7.0
|
|
name: workerslicenodeaffinities.worker.kubeslice.io
|
|
spec:
|
|
conversion:
|
|
strategy: Webhook
|
|
webhook:
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /convert
|
|
conversionReviewVersions:
|
|
- v1
|
|
group: worker.kubeslice.io
|
|
names:
|
|
kind: WorkerSliceNodeAffinity
|
|
listKind: WorkerSliceNodeAffinityList
|
|
plural: workerslicenodeaffinities
|
|
singular: workerslicenodeaffinity
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: WorkerSliceNodeAffinity is the Schema for the workerslicenodeaffinities API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: WorkerSliceNodeAffinitySpec defines the desired state of WorkerSliceNodeAffinity
|
|
properties:
|
|
clusterName:
|
|
description: ClusterName defines the name of the cluster for the WorkerSliceNodeAffinity
|
|
type: string
|
|
nodeAffinityRules:
|
|
description: NodeAffinityRules defines the node affinity profile for the slice
|
|
items:
|
|
properties:
|
|
namespace:
|
|
description: Namespace is the namespace in the slice this rule applies to
|
|
type: string
|
|
nodeSelectorLabels:
|
|
description: NodeSelectorLabels defines the label selectors to select nodes for assigning to pods
|
|
items:
|
|
description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: array
|
|
sliceName:
|
|
description: SliceName defines the name of the slice for the WorkerSliceNodeAffinity
|
|
type: string
|
|
type: object
|
|
status:
|
|
description: WorkerSliceNodeAffinityStatus defines the observed state of WorkerSliceNodeAffinity
|
|
properties:
|
|
nodeAffinityRules:
|
|
description: 'INSERT ADDITIONAL STATUS FIELD - define observed state of cluster Important: Run "make" to regenerate code after modifying this file'
|
|
items:
|
|
properties:
|
|
namespace:
|
|
description: Namespace is the namespace in the slice this rule applies to
|
|
type: string
|
|
nodeSelectorLabels:
|
|
description: NodeSelectorLabels defines the label selectors to select nodes for assigning to pods
|
|
items:
|
|
description: A node selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
|
|
properties:
|
|
key:
|
|
description: The label key that the selector applies to.
|
|
type: string
|
|
operator:
|
|
description: Represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists, DoesNotExist. Gt, and Lt.
|
|
type: string
|
|
values:
|
|
description: An array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. If the operator is Gt or Lt, the values array must have a single element, which will be interpreted as an integer. This array is replaced during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert
|
|
controller-gen.kubebuilder.io/version: v0.7.0
|
|
name: workersliceresourcequotas.worker.kubeslice.io
|
|
spec:
|
|
conversion:
|
|
strategy: Webhook
|
|
webhook:
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /convert
|
|
conversionReviewVersions:
|
|
- v1
|
|
group: worker.kubeslice.io
|
|
names:
|
|
kind: WorkerSliceResourceQuota
|
|
listKind: WorkerSliceResourceQuotaList
|
|
plural: workersliceresourcequotas
|
|
singular: workersliceresourcequota
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: WorkerSliceResourceQuota is the Schema for the workersliceresourcequota API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: WorkerSliceResourceQuotaSpec defines the desired state of WorkerSliceResourceQuota
|
|
properties:
|
|
clusterName:
|
|
description: ClusterName defines the name of the cluster for the WorkerResourceQuota
|
|
type: string
|
|
resourceQuotaProfile:
|
|
description: ResourceQuotaProfile defines the resource quota profile for the slice
|
|
properties:
|
|
clusterQuota:
|
|
description: ClusterQuota defines the configuration for cluster quota of a resource quota
|
|
properties:
|
|
namespaceQuota:
|
|
description: NamespaceQuota defines the configuration for namespace quota of a ClusterQuota
|
|
items:
|
|
description: NamespaceQuota defines the configuration for namespace quota of a namespaceQuota
|
|
properties:
|
|
enforceQuota:
|
|
default: false
|
|
description: EnforceQuota defines the enforceQuota status flag for NamespaceQuota
|
|
type: boolean
|
|
namespace:
|
|
description: Namespace defines the namespace of the NamespaceQuota
|
|
type: string
|
|
resources:
|
|
description: Resources defines the configuration for resources for NamespaceQuota
|
|
properties:
|
|
defaultLimitPerContainer:
|
|
description: DefaultResourcePerContainer is a set of (resource name, quantity) pairs.
|
|
properties:
|
|
cpu:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: CPU in cores. (500m = .5 cores)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
ephemeralStorage:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
memory:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
type: object
|
|
defaultRequestPerContainer:
|
|
description: DefaultResourcePerContainer is a set of (resource name, quantity) pairs.
|
|
properties:
|
|
cpu:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: CPU in cores. (500m = .5 cores)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
ephemeralStorage:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
memory:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
type: object
|
|
limit:
|
|
description: LimitResourceList is a set of (resource name, quantity) pairs.
|
|
properties:
|
|
cpu:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: CPU in cores. (500m = .5 cores)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
ephemeralStorage:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
memory:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
podCount:
|
|
description: PodCount in number.
|
|
format: int64
|
|
type: integer
|
|
type: object
|
|
request:
|
|
description: RequestResourceList is a set of (resource name, quantity) pairs.
|
|
properties:
|
|
cpu:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: CPU in cores. (500m = .5 cores)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
ephemeralStorage:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
memory:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
type: object
|
|
type: object
|
|
type: object
|
|
type: array
|
|
resources:
|
|
description: Resources defines the configuration for resources for ClusterQuota
|
|
properties:
|
|
limit:
|
|
description: LimitResourceList is a set of (resource name, quantity) pairs.
|
|
properties:
|
|
cpu:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: CPU in cores. (500m = .5 cores)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
ephemeralStorage:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
memory:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
podCount:
|
|
description: PodCount in number.
|
|
format: int64
|
|
type: integer
|
|
type: object
|
|
request:
|
|
description: RequestResourceList is a set of (resource name, quantity) pairs.
|
|
properties:
|
|
cpu:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: CPU in cores. (500m = .5 cores)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
ephemeralStorage:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
memory:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
type: object
|
|
type: object
|
|
type: object
|
|
sliceQuota:
|
|
description: SliceQuota defines the configuration for slice quota of a resource quota
|
|
properties:
|
|
resources:
|
|
description: Resources defines the configuration for resources for SliceQuota
|
|
properties:
|
|
defaultRequestPerContainer:
|
|
description: DefaultResourcePerContainer is a set of (resource name, quantity) pairs.
|
|
properties:
|
|
cpu:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: CPU in cores. (500m = .5 cores)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
ephemeralStorage:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
memory:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
type: object
|
|
limit:
|
|
description: LimitResourceList is a set of (resource name, quantity) pairs.
|
|
properties:
|
|
cpu:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: CPU in cores. (500m = .5 cores)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
ephemeralStorage:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
memory:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
podCount:
|
|
description: PodCount in number.
|
|
format: int64
|
|
type: integer
|
|
type: object
|
|
request:
|
|
description: RequestResourceList is a set of (resource name, quantity) pairs.
|
|
properties:
|
|
cpu:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: CPU in cores. (500m = .5 cores)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
ephemeralStorage:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
memory:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
type: object
|
|
type: object
|
|
type: object
|
|
type: object
|
|
sliceName:
|
|
description: SliceName defines the name of the slice for the WorkerResourceQuota
|
|
type: string
|
|
type: object
|
|
status:
|
|
description: WorkerSliceResourceQuotaStatus defines the observed state of WorkerSliceResourceQuota
|
|
properties:
|
|
clusterResourceQuotaStatus:
|
|
properties:
|
|
namespaceResourceQuotaStatus:
|
|
items:
|
|
properties:
|
|
namespace:
|
|
type: string
|
|
requestResourceUsage:
|
|
description: RequestResourceList is a set of (resource name, quantity) pairs.
|
|
properties:
|
|
cpu:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: CPU in cores. (500m = .5 cores)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
ephemeralStorage:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
memory:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
type: object
|
|
resourceUsage:
|
|
description: LimitResourceList is a set of (resource name, quantity) pairs.
|
|
properties:
|
|
cpu:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: CPU in cores. (500m = .5 cores)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
ephemeralStorage:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
memory:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
podCount:
|
|
description: PodCount in number.
|
|
format: int64
|
|
type: integer
|
|
type: object
|
|
type: object
|
|
type: array
|
|
requestResourceUsage:
|
|
description: RequestResourceList is a set of (resource name, quantity) pairs.
|
|
properties:
|
|
cpu:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: CPU in cores. (500m = .5 cores)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
ephemeralStorage:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
memory:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
type: object
|
|
resourceUsage:
|
|
description: LimitResourceList is a set of (resource name, quantity) pairs.
|
|
properties:
|
|
cpu:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: CPU in cores. (500m = .5 cores)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
ephemeralStorage:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: EphemeralStorage Local ephemeral storage, in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024) The resource name for EphemeralStorage is alpha, and it can change across releases.
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
memory:
|
|
anyOf:
|
|
- type: integer
|
|
- type: string
|
|
description: Memory in bytes. (500Gi = 500GiB = 500 * 1024 * 1024 * 1024)
|
|
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
|
|
x-kubernetes-int-or-string: true
|
|
podCount:
|
|
description: PodCount in number.
|
|
format: int64
|
|
type: integer
|
|
type: object
|
|
type: object
|
|
onboardedNamespace:
|
|
items:
|
|
type: string
|
|
type: array
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert
|
|
controller-gen.kubebuilder.io/version: v0.7.0
|
|
name: workerslicerolebindings.worker.kubeslice.io
|
|
spec:
|
|
conversion:
|
|
strategy: Webhook
|
|
webhook:
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /convert
|
|
conversionReviewVersions:
|
|
- v1
|
|
group: worker.kubeslice.io
|
|
names:
|
|
kind: WorkerSliceRoleBinding
|
|
listKind: WorkerSliceRoleBindingList
|
|
plural: workerslicerolebindings
|
|
singular: workerslicerolebinding
|
|
scope: Namespaced
|
|
versions:
|
|
- name: v1alpha1
|
|
schema:
|
|
openAPIV3Schema:
|
|
description: WorkerSliceRoleBinding is the Schema for the workerslicerolebindings API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
bindings:
|
|
properties:
|
|
applyTo:
|
|
description: ApplyTo contains information about the namespace and the Subjects.
|
|
items:
|
|
description: ApplyTo contains information about the namespace and the Subjects. It adds who information via Subjects and namespace information by which namespace it exists in.
|
|
properties:
|
|
namespace:
|
|
description: Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error. '*' Represents all namespaces
|
|
type: string
|
|
subjects:
|
|
description: Subjects holds references to the objects the role applies to.
|
|
items:
|
|
description: Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference, or a value for non-objects such as user and group names.
|
|
properties:
|
|
apiGroup:
|
|
description: APIGroup holds the API group of the referenced subject. Defaults to "" for ServiceAccount subjects. Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
|
|
type: string
|
|
kind:
|
|
description: Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount". If the Authorizer does not recognized the kind value, the Authorizer should report an error.
|
|
type: string
|
|
name:
|
|
description: Name of the object being referenced.
|
|
type: string
|
|
namespace:
|
|
description: Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty the Authorizer should report an error.
|
|
type: string
|
|
required:
|
|
- kind
|
|
- name
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: array
|
|
rules:
|
|
items:
|
|
description: PolicyRule holds information that describes a policy rule, but does not contain information about who the rule applies to or which namespace the rule applies to.
|
|
properties:
|
|
apiGroups:
|
|
description: APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of the enumerated resources in any API group will be allowed.
|
|
items:
|
|
type: string
|
|
type: array
|
|
nonResourceURLs:
|
|
description: NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding. Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
|
|
items:
|
|
type: string
|
|
type: array
|
|
resourceNames:
|
|
description: ResourceNames is an optional white list of names that the rule applies to. An empty set means that everything is allowed.
|
|
items:
|
|
type: string
|
|
type: array
|
|
resources:
|
|
description: Resources is a list of resources this rule applies to. '*' represents all resources.
|
|
items:
|
|
type: string
|
|
type: array
|
|
verbs:
|
|
description: Verbs is a list of Verbs that apply to ALL the ResourceKinds contained in this rule. '*' represents all verbs.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- verbs
|
|
type: object
|
|
type: array
|
|
type: object
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
status:
|
|
properties:
|
|
roleRefCondition:
|
|
properties:
|
|
condition:
|
|
description: Condition defines conditions of the RoleRef, one of INVALID_RULE, INVALID_ROLE_BINDING.
|
|
type: string
|
|
lastUpdateTime:
|
|
description: The last time this condition was updated.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: A human-readable message indicating details about the transition.
|
|
type: string
|
|
reason:
|
|
description: The reason for the condition's last transition.
|
|
type: string
|
|
roleRef:
|
|
description: Name, APIGroup and Kind of the RoleRef
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: Kind is the type of resource being referenced
|
|
type: string
|
|
name:
|
|
description: Name is the name of resource being referenced
|
|
type: string
|
|
required:
|
|
- apiVersion
|
|
- kind
|
|
- name
|
|
type: object
|
|
status:
|
|
description: Status of the condition, one of True, False, Unknown.
|
|
type: string
|
|
required:
|
|
- condition
|
|
- lastUpdateTime
|
|
- reason
|
|
- roleRef
|
|
- status
|
|
type: object
|
|
type: object
|
|
type: object
|
|
served: true
|
|
storage: true
|
|
subresources:
|
|
status: {}
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: kubeslice-controller-controller-manager
|
|
namespace: kubeslice-controller
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: kubeslice-controller-ovpn-manager
|
|
namespace: kubeslice-controller
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: Role
|
|
metadata:
|
|
name: kubeslice-controller-leader-election-role
|
|
namespace: kubeslice-controller
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- patch
|
|
- delete
|
|
- apiGroups:
|
|
- coordination.k8s.io
|
|
resources:
|
|
- leases
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- create
|
|
- update
|
|
- patch
|
|
- delete
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- events
|
|
verbs:
|
|
- create
|
|
- patch
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
creationTimestamp: null
|
|
name: kubeslice-controller-controller-role
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- events
|
|
verbs:
|
|
- create
|
|
- escalate
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- namespaces
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- escalate
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- secrets
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- escalate
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- serviceaccounts
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- batch
|
|
resources:
|
|
- jobs
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- controller.kubeslice.io
|
|
resources:
|
|
- clusters
|
|
- projects
|
|
- serviceexportconfigs
|
|
- sliceconfigs
|
|
- slicenodeaffinities
|
|
- sliceqosconfigs
|
|
- sliceresourcequotaconfigs
|
|
- slicerolebindings
|
|
- sliceroletemplates
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- controller.kubeslice.io
|
|
resources:
|
|
- clusters/finalizers
|
|
- projects/finalizers
|
|
- serviceexportconfigs/finalizers
|
|
- sliceconfigs/finalizers
|
|
- slicenodeaffinities/finalizers
|
|
- sliceqosconfigs/finalizers
|
|
- sliceresourcequotaconfigs/finalizers
|
|
- slicerolebindings/finalizers
|
|
- sliceroletemplates/finalizers
|
|
verbs:
|
|
- update
|
|
- apiGroups:
|
|
- controller.kubeslice.io
|
|
resources:
|
|
- clusters/status
|
|
- projects/status
|
|
- serviceexportconfigs/status
|
|
- sliceconfigs/status
|
|
- slicenodeaffinities/status
|
|
- sliceqosconfigs/status
|
|
- sliceresourcequotaconfigs/status
|
|
- slicerolebindings/status
|
|
- sliceroletemplates/status
|
|
verbs:
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- rbac.authorization.k8s.io
|
|
resources:
|
|
- clusterroles
|
|
- rolebindings
|
|
- roles
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- worker.kubeslice.io
|
|
resources:
|
|
- workerserviceimports
|
|
- workersliceconfigs
|
|
- workerslicegateways
|
|
- workerslicenodeaffinities
|
|
- workersliceresourcequotas
|
|
- workerslicerolebindings
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- worker.kubeslice.io
|
|
resources:
|
|
- workerserviceimports/finalizers
|
|
- workersliceconfigs/finalizers
|
|
- workerslicegateways/finalizers
|
|
- workerslicenodeaffinities/finalizers
|
|
- workersliceresourcequotas/finalizers
|
|
- workerslicerolebindings/finalizers
|
|
verbs:
|
|
- update
|
|
- apiGroups:
|
|
- worker.kubeslice.io
|
|
resources:
|
|
- workerserviceimports/status
|
|
- workersliceconfigs/status
|
|
- workerslicegateways/status
|
|
- workerslicenodeaffinities/status
|
|
- workersliceresourcequotas/status
|
|
- workerslicerolebindings/status
|
|
verbs:
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: kube-state-metrics
|
|
app.kubernetes.io/version: v1.8.0
|
|
name: kubeslice-controller-kube-state-metrics
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- configmaps
|
|
- secrets
|
|
- nodes
|
|
- pods
|
|
- services
|
|
- resourcequotas
|
|
- replicationcontrollers
|
|
- limitranges
|
|
- persistentvolumeclaims
|
|
- persistentvolumes
|
|
- namespaces
|
|
- endpoints
|
|
verbs:
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- extensions
|
|
resources:
|
|
- daemonsets
|
|
- deployments
|
|
- replicasets
|
|
- ingresses
|
|
verbs:
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- apps
|
|
resources:
|
|
- statefulsets
|
|
- daemonsets
|
|
- deployments
|
|
- replicasets
|
|
verbs:
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- batch
|
|
resources:
|
|
- cronjobs
|
|
- jobs
|
|
verbs:
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- autoscaling
|
|
resources:
|
|
- horizontalpodautoscalers
|
|
verbs:
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- authentication.k8s.io
|
|
resources:
|
|
- tokenreviews
|
|
verbs:
|
|
- create
|
|
- apiGroups:
|
|
- authorization.k8s.io
|
|
resources:
|
|
- subjectaccessreviews
|
|
verbs:
|
|
- create
|
|
- apiGroups:
|
|
- policy
|
|
resources:
|
|
- poddisruptionbudgets
|
|
verbs:
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- certificates.k8s.io
|
|
resources:
|
|
- certificatesigningrequests
|
|
verbs:
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- storage.k8s.io
|
|
resources:
|
|
- storageclasses
|
|
- volumeattachments
|
|
verbs:
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- admissionregistration.k8s.io
|
|
resources:
|
|
- mutatingwebhookconfigurations
|
|
- validatingwebhookconfigurations
|
|
verbs:
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- networking.k8s.io
|
|
resources:
|
|
- networkpolicies
|
|
verbs:
|
|
- list
|
|
- watch
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: kubeslice-controller-metrics-reader
|
|
rules:
|
|
- nonResourceURLs:
|
|
- /metrics
|
|
verbs:
|
|
- get
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: kubeslice-controller-ovpn-editor-role
|
|
rules:
|
|
- apiGroups:
|
|
- worker.kubeslice.io
|
|
resources:
|
|
- workerslicegateways
|
|
verbs:
|
|
- create
|
|
- delete
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- namespaces
|
|
verbs:
|
|
- escalate
|
|
- get
|
|
- list
|
|
- patch
|
|
- update
|
|
- watch
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- secrets
|
|
verbs:
|
|
- escalate
|
|
- get
|
|
- list
|
|
- watch
|
|
- update
|
|
- patch
|
|
- create
|
|
- apiGroups:
|
|
- worker.kubeslice.io
|
|
resources:
|
|
- workerslicegateways/status
|
|
verbs:
|
|
- get
|
|
- patch
|
|
- update
|
|
---
|
|
{{ if .Values.kubeslice.prometheus.enabled}}
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: kubeslice-controller-prometheus
|
|
rules:
|
|
- apiGroups:
|
|
- ""
|
|
resources:
|
|
- nodes
|
|
- nodes/proxy
|
|
- services
|
|
- endpoints
|
|
- pods
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- apiGroups:
|
|
- extensions
|
|
resources:
|
|
- ingresses
|
|
verbs:
|
|
- get
|
|
- list
|
|
- watch
|
|
- nonResourceURLs:
|
|
- /metrics
|
|
verbs:
|
|
- get
|
|
{{ end }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRole
|
|
metadata:
|
|
name: kubeslice-controller-proxy-role
|
|
rules:
|
|
- apiGroups:
|
|
- authentication.k8s.io
|
|
resources:
|
|
- tokenreviews
|
|
verbs:
|
|
- create
|
|
- apiGroups:
|
|
- authorization.k8s.io
|
|
resources:
|
|
- subjectaccessreviews
|
|
verbs:
|
|
- create
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: RoleBinding
|
|
metadata:
|
|
name: kubeslice-controller-leader-election-rolebinding
|
|
namespace: kubeslice-controller
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: Role
|
|
name: kubeslice-controller-leader-election-role
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: kubeslice-controller-controller-manager
|
|
namespace: kubeslice-controller
|
|
---
|
|
{{ if .Values.kubeslice.prometheus.enabled}}
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
labels:
|
|
app.kubernetes.io/name: kube-state-metrics
|
|
app.kubernetes.io/version: v1.8.0
|
|
name: kubeslice-controller-kube-state-metrics
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: kubeslice-controller-kube-state-metrics
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: kube-state-metrics
|
|
namespace: kube-system
|
|
{{ end }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: kubeslice-controller-manager-rolebinding
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: kubeslice-controller-controller-role
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: kubeslice-controller-controller-manager
|
|
namespace: kubeslice-controller
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: kubeslice-controller-ovpn-controller-rolebinding
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: kubeslice-controller-ovpn-editor-role
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: kubeslice-controller-ovpn-manager
|
|
namespace: kubeslice-controller
|
|
---
|
|
{{ if .Values.kubeslice.prometheus.enabled}}
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: kubeslice-controller-prometheus
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: kubeslice-controller-prometheus
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: default
|
|
namespace: kubeslice-controller
|
|
{{ end }}
|
|
---
|
|
apiVersion: rbac.authorization.k8s.io/v1
|
|
kind: ClusterRoleBinding
|
|
metadata:
|
|
name: kubeslice-controller-proxy-rolebinding
|
|
roleRef:
|
|
apiGroup: rbac.authorization.k8s.io
|
|
kind: ClusterRole
|
|
name: kubeslice-controller-proxy-role
|
|
subjects:
|
|
- kind: ServiceAccount
|
|
name: kubeslice-controller-controller-manager
|
|
namespace: kubeslice-controller
|
|
---
|
|
apiVersion: v1
|
|
data:
|
|
controller_manager_config.yaml: |
|
|
apiVersion: controller-runtime.sigs.k8s.io/v1alpha1
|
|
kind: ControllerManagerConfig
|
|
health:
|
|
healthProbeBindAddress: :8081
|
|
metrics:
|
|
bindAddress: 127.0.0.1:8080
|
|
webhook:
|
|
port: 9443
|
|
leaderElection:
|
|
leaderElect: true
|
|
resourceName: 35a65c38.kubeslice.io
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: kubeslice-controller-manager-config
|
|
namespace: kubeslice-controller
|
|
---
|
|
{{ if .Values.kubeslice.prometheus.enabled}}
|
|
apiVersion: v1
|
|
data:
|
|
prometheus.rules: |-
|
|
groups:
|
|
- name: Resource Quota violation alerts
|
|
rules:
|
|
- alert: Slice Resource Quota Violation
|
|
expr: kubeslice_controller_slice_quota_violation > 0
|
|
for: 1m
|
|
labels:
|
|
severity: critical
|
|
annotations:
|
|
summary: "Slice Resource Usage Exceeded Quota"
|
|
description: "The slice {{ "{{" }} $labels.slice_name}} has CPU usage {{ "{{" }} $labels.cpu}} and memory usage {{ "{{" }} $labels.memory}}: violated by {{ "{{" }} $labels.violated_resource_type}}"
|
|
- alert: Cluster Resource Quota Violation
|
|
expr: kubeslice_controller_cluster_quota_violation > 0
|
|
for: 1m
|
|
labels:
|
|
severity: critical
|
|
annotations:
|
|
summary: "Cluster Resource Usage Exceeded Quota"
|
|
description: "The cluster {{ "{{" }} $labels.cluster_name}} has CPU usage {{ "{{" }} $labels.cpu}} and memory usage {{ "{{" }} $labels.memory}}: violated by {{ "{{" }} $labels.violated_resource_type}}"
|
|
- alert: Namespace Resource Quota Violation
|
|
expr: kubeslice_controller_namespace_quota_violation > 0
|
|
for: 1m
|
|
labels:
|
|
severity: critical
|
|
annotations:
|
|
summary: "Namespace Resource Usage Exceeded Quota"
|
|
description: "The namespace {{ "{{" }}$labels.namespace}} has CPU usage {{ "{{" }}$labels.cpu}} and memory usage {{ "{{" }}$labels.memory}}: violated by {{ "{{" }}$labels.violated_resource_type}}"
|
|
prometheus.yml: |-
|
|
global:
|
|
scrape_interval: 5s
|
|
evaluation_interval: 5s
|
|
rule_files:
|
|
- /etc/prometheus/prometheus.rules
|
|
scrape_configs:
|
|
- job_name: 'kubernetes-pods'
|
|
kubernetes_sd_configs:
|
|
- role: pod
|
|
relabel_configs:
|
|
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_scrape]
|
|
action: keep
|
|
regex: true
|
|
- source_labels: [__meta_kubernetes_pod_annotation_prometheus_io_path]
|
|
action: replace
|
|
target_label: __metrics_path__
|
|
regex: (.+)
|
|
- source_labels: [__address__, __meta_kubernetes_pod_annotation_prometheus_io_port]
|
|
action: replace
|
|
regex: ([^:]+)(?::\d+)?;(\d+)
|
|
replacement: $1:$2
|
|
target_label: __address__
|
|
- action: labelmap
|
|
regex: __meta_kubernetes_pod_label_(.+)
|
|
- source_labels: [__meta_kubernetes_namespace]
|
|
action: replace
|
|
target_label: kubernetes_namespace
|
|
- source_labels: [__meta_kubernetes_pod_name]
|
|
action: replace
|
|
target_label: kubernetes_pod_name
|
|
kind: ConfigMap
|
|
metadata:
|
|
labels:
|
|
name: prometheus-server-conf
|
|
name: kubeslice-controller-prometheus-server-conf
|
|
namespace: kubeslice-controller
|
|
{{ end }}
|
|
---
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
labels:
|
|
control-plane: controller-manager
|
|
name: kubeslice-controller-controller-manager-metrics-service
|
|
namespace: kubeslice-controller
|
|
spec:
|
|
ports:
|
|
- name: https
|
|
port: 8443
|
|
protocol: TCP
|
|
targetPort: https
|
|
selector:
|
|
control-plane: controller-manager
|
|
---
|
|
{{ if .Values.kubeslice.prometheus.enabled}}
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: kubeslice-controller-prometheus-service
|
|
namespace: kubeslice-controller
|
|
spec:
|
|
ports:
|
|
- port: 9090
|
|
targetPort: 9090
|
|
selector:
|
|
app: prometheus-server
|
|
type: ClusterIP
|
|
{{ end }}
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
spec:
|
|
ports:
|
|
- port: 443
|
|
protocol: TCP
|
|
targetPort: 9443
|
|
selector:
|
|
control-plane: controller-manager
|
|
---
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: kubeslice-controller-cleanup
|
|
annotations:
|
|
# This is what defines this resource as a hook. Without this line, the
|
|
# job is considered part of the release.
|
|
"helm.sh/hook": pre-delete
|
|
"helm.sh/hook-delete-policy": hook-succeeded,hook-failed
|
|
spec:
|
|
template:
|
|
spec:
|
|
serviceAccountName: kubeslice-controller-controller-manager
|
|
containers:
|
|
- name: cleanup
|
|
image: '{{ .Values.kubeslice.controller.image }}:{{ .Values.kubeslice.controller.tag }}'
|
|
imagePullPolicy: '{{ .Values.kubeslice.controller.pullPolicy }}'
|
|
command:
|
|
- /cleanup
|
|
env:
|
|
- name: KUBESLICE_CONTROLLER_MANAGER_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
imagePullSecrets:
|
|
- name: kubeslice-image-pull-secret
|
|
restartPolicy: Never
|
|
backoffLimit: 1
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
control-plane: controller-manager
|
|
name: kubeslice-controller-manager
|
|
namespace: kubeslice-controller
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
control-plane: controller-manager
|
|
template:
|
|
metadata:
|
|
annotations:
|
|
kubectl.kubernetes.io/default-container: manager
|
|
prometheus.io/port: "18080"
|
|
prometheus.io/scrape: "true"
|
|
labels:
|
|
control-plane: controller-manager
|
|
spec:
|
|
containers:
|
|
- args:
|
|
- --secure-listen-address=0.0.0.0:8443
|
|
- --upstream=http://127.0.0.1:8080/
|
|
- --logtostderr=true
|
|
- --v=0
|
|
image: '{{ .Values.kubeslice.rbacproxy.image }}:{{ .Values.kubeslice.rbacproxy.tag }}'
|
|
name: kube-rbac-proxy
|
|
ports:
|
|
- containerPort: 8443
|
|
name: https
|
|
protocol: TCP
|
|
- args:
|
|
- --health-probe-bind-address=:8081
|
|
- --metrics-bind-address=127.0.0.1:8080
|
|
- --leader-elect
|
|
- --log-level={{ required "A valid value is required!" .Values.kubeslice.controller.logLevel }}
|
|
- --rbac-resource-prefix={{ required "A valid value is required!" .Values.kubeslice.controller.rbacResourcePrefix }}
|
|
- --project-namespace-prefix={{ required "A valid value is required!" .Values.kubeslice.controller.projectnsPrefix }}
|
|
- --controller-end-point={{ required "A valid value is required!" .Values.kubeslice.controller.endpoint }}
|
|
- --prometheus-service-endpoint={{ required "A valid value is required!" .Values.kubeslice.prometheus.url}}
|
|
- --ovpn-job-image={{ .Values.kubeslice.ovpnJob.image }}:{{ .Values.kubeslice.ovpnJob.tag }}
|
|
command:
|
|
- /manager
|
|
env:
|
|
- name: KUBESLICE_CONTROLLER_MANAGER_NAMESPACE
|
|
valueFrom:
|
|
fieldRef:
|
|
fieldPath: metadata.namespace
|
|
image: '{{ .Values.kubeslice.controller.image }}:{{ .Values.kubeslice.controller.tag }}'
|
|
imagePullPolicy: '{{ .Values.kubeslice.controller.pullPolicy }}'
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthz
|
|
port: 8081
|
|
initialDelaySeconds: 15
|
|
periodSeconds: 20
|
|
name: manager
|
|
ports:
|
|
- containerPort: 9443
|
|
name: webhook-server
|
|
protocol: TCP
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /readyz
|
|
port: 8081
|
|
initialDelaySeconds: 5
|
|
periodSeconds: 10
|
|
resources:
|
|
limits:
|
|
cpu: 500m
|
|
memory: 128Mi
|
|
requests:
|
|
cpu: 10m
|
|
memory: 64Mi
|
|
securityContext:
|
|
allowPrivilegeEscalation: false
|
|
volumeMounts:
|
|
- mountPath: /tmp/k8s-webhook-server/serving-certs
|
|
name: cert
|
|
readOnly: true
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
serviceAccountName: kubeslice-controller-controller-manager
|
|
terminationGracePeriodSeconds: 10
|
|
volumes:
|
|
- name: cert
|
|
secret:
|
|
defaultMode: 420
|
|
secretName: webhook-server-cert
|
|
{{- if and .Values.imagePullSecrets .Values.imagePullSecrets.repository .Values.imagePullSecrets.username .Values.imagePullSecrets.password }}
|
|
imagePullSecrets:
|
|
- name: kubeslice-image-pull-secret
|
|
{{- end }}
|
|
---
|
|
{{ if .Values.kubeslice.prometheus.enabled}}
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
labels:
|
|
app: prometheus-server
|
|
name: kubeslice-controller-prometheus
|
|
namespace: kubeslice-controller
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: prometheus-server
|
|
strategy:
|
|
rollingUpdate:
|
|
maxSurge: 1
|
|
maxUnavailable: 0
|
|
type: RollingUpdate
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: prometheus-server
|
|
spec:
|
|
containers:
|
|
- args:
|
|
- --config.file=/etc/prometheus/prometheus.yml
|
|
- --storage.tsdb.path=/prometheus/
|
|
image: prom/prometheus
|
|
name: prometheus
|
|
ports:
|
|
- containerPort: 9090
|
|
volumeMounts:
|
|
- mountPath: /etc/prometheus/
|
|
name: prometheus-config-volume
|
|
- mountPath: /prometheus/
|
|
name: prometheus-storage-volume
|
|
volumes:
|
|
- configMap:
|
|
defaultMode: 420
|
|
name: kubeslice-controller-prometheus-server-conf
|
|
name: prometheus-config-volume
|
|
- emptyDir: {}
|
|
name: prometheus-storage-volume
|
|
{{ end }}
|
|
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: kubeslice-controller-serving-cert
|
|
namespace: kubeslice-controller
|
|
spec:
|
|
dnsNames:
|
|
- kubeslice-controller-webhook-service.kubeslice-controller.svc
|
|
- kubeslice-controller-webhook-service.kubeslice-controller.svc.cluster.local
|
|
issuerRef:
|
|
kind: Issuer
|
|
name: kubeslice-controller-selfsigned-issuer
|
|
secretName: webhook-server-cert
|
|
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Issuer
|
|
metadata:
|
|
name: kubeslice-controller-selfsigned-issuer
|
|
namespace: kubeslice-controller
|
|
spec:
|
|
selfSigned: {}
|
|
---
|
|
apiVersion: admissionregistration.k8s.io/v1
|
|
kind: MutatingWebhookConfiguration
|
|
metadata:
|
|
annotations:
|
|
cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert
|
|
name: kubeslice-controller-mutating-webhook-configuration
|
|
webhooks:
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /mutate-controller-kubeslice-io-v1alpha1-sliceresourcequotaconfig
|
|
failurePolicy: Fail
|
|
name: msliceresourcequotaconfig.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- controller.kubeslice.io
|
|
apiVersions:
|
|
- v1alpha1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- sliceresourcequotaconfigs
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /mutate-controller-kubeslice-io-v1alpha1-slicerolebinding
|
|
failurePolicy: Fail
|
|
name: mslicerolebinding.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- controller.kubeslice.io
|
|
apiVersions:
|
|
- v1alpha1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- slicerolebindings
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /mutate-controller-kubeslice-io-v1alpha1-cluster
|
|
failurePolicy: Fail
|
|
name: mcluster.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- controller.kubeslice.io
|
|
apiVersions:
|
|
- v1alpha1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- clusters
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /mutate-controller-kubeslice-io-v1alpha1-project
|
|
failurePolicy: Fail
|
|
name: mproject.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- controller.kubeslice.io
|
|
apiVersions:
|
|
- v1alpha1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- projects
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /mutate-controller-kubeslice-io-v1alpha1-serviceexportconfig
|
|
failurePolicy: Fail
|
|
name: mserviceexportconfig.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- controller.kubeslice.io
|
|
apiVersions:
|
|
- v1alpha1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- serviceexportconfigs
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /mutate-controller-kubeslice-io-v1alpha1-sliceconfig
|
|
failurePolicy: Fail
|
|
name: msliceconfig.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- controller.kubeslice.io
|
|
apiVersions:
|
|
- v1alpha1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- sliceconfigs
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /mutate-controller-kubeslice-io-v1alpha1-sliceqosconfig
|
|
failurePolicy: Fail
|
|
name: msliceqosconfig.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- controller.kubeslice.io
|
|
apiVersions:
|
|
- v1alpha1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- sliceqosconfigs
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /mutate-worker-kubeslice-io-v1alpha1-workersliceconfig
|
|
failurePolicy: Fail
|
|
name: mworkersliceconfig.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- worker.kubeslice.io
|
|
apiVersions:
|
|
- v1alpha1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- workersliceconfigs
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /mutate-worker-kubeslice-io-v1alpha1-workerslicegateway
|
|
failurePolicy: Fail
|
|
name: mworkerslicegateway.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- worker.kubeslice.io
|
|
apiVersions:
|
|
- v1alpha1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- workerslicegateways
|
|
sideEffects: None
|
|
---
|
|
apiVersion: admissionregistration.k8s.io/v1
|
|
kind: ValidatingWebhookConfiguration
|
|
metadata:
|
|
annotations:
|
|
cert-manager.io/inject-ca-from: kubeslice-controller/kubeslice-controller-serving-cert
|
|
name: kubeslice-controller-validating-webhook-configuration
|
|
webhooks:
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /validate-controller-kubeslice-io-v1alpha1-sliceresourcequotaconfig
|
|
failurePolicy: Fail
|
|
name: vsliceresourcequotaconfig.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- controller.kubeslice.io
|
|
apiVersions:
|
|
- v1alpha1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
- DELETE
|
|
resources:
|
|
- sliceresourcequotaconfigs
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /validate-controller-kubeslice-io-v1alpha1-slicerolebinding
|
|
failurePolicy: Fail
|
|
name: vslicerolebinding.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- controller.kubeslice.io
|
|
apiVersions:
|
|
- v1alpha1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
- DELETE
|
|
resources:
|
|
- slicerolebindings
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /validate-controller-kubeslice-io-v1alpha1-sliceroletemplate
|
|
failurePolicy: Fail
|
|
name: vsliceroletemplate.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- controller.kubeslice.io
|
|
apiVersions:
|
|
- v1alpha1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
- DELETE
|
|
resources:
|
|
- sliceroletemplates
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /validate-controller-kubeslice-io-v1alpha1-cluster
|
|
failurePolicy: Fail
|
|
name: vcluster.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- controller.kubeslice.io
|
|
apiVersions:
|
|
- v1alpha1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
- DELETE
|
|
resources:
|
|
- clusters
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /validate-controller-kubeslice-io-v1alpha1-project
|
|
failurePolicy: Fail
|
|
name: vproject.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- controller.kubeslice.io
|
|
apiVersions:
|
|
- v1alpha1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
- DELETE
|
|
resources:
|
|
- projects
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /validate-controller-kubeslice-io-v1alpha1-serviceexportconfig
|
|
failurePolicy: Fail
|
|
name: vserviceexportconfig.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- controller.kubeslice.io
|
|
apiVersions:
|
|
- v1alpha1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- serviceexportconfigs
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /validate-controller-kubeslice-io-v1alpha1-sliceconfig
|
|
failurePolicy: Fail
|
|
name: vsliceconfig.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- controller.kubeslice.io
|
|
apiVersions:
|
|
- v1alpha1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
- DELETE
|
|
resources:
|
|
- sliceconfigs
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /validate-controller-kubeslice-io-v1alpha1-sliceqosconfig
|
|
failurePolicy: Fail
|
|
name: vsliceqosconfig.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- controller.kubeslice.io
|
|
apiVersions:
|
|
- v1alpha1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
- DELETE
|
|
resources:
|
|
- sliceqosconfigs
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /validate-worker-kubeslice-io-v1alpha1-workersliceconfig
|
|
failurePolicy: Fail
|
|
name: vworkersliceconfig.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- worker.kubeslice.io
|
|
apiVersions:
|
|
- v1alpha1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- workersliceconfigs
|
|
sideEffects: None
|
|
- admissionReviewVersions:
|
|
- v1
|
|
clientConfig:
|
|
service:
|
|
name: kubeslice-controller-webhook-service
|
|
namespace: kubeslice-controller
|
|
path: /validate-worker-kubeslice-io-v1alpha1-workerslicegateway
|
|
failurePolicy: Fail
|
|
name: vworkerslicegateway.kb.io
|
|
rules:
|
|
- apiGroups:
|
|
- worker.kubeslice.io
|
|
apiVersions:
|
|
- v1alpha1
|
|
operations:
|
|
- CREATE
|
|
- UPDATE
|
|
resources:
|
|
- workerslicegateways
|
|
sideEffects: None |