
Commit 673bb7b

authored
feat: update capsule.clastix.io to v0.12.4 (#866)
1 parent 8750a7d commit 673bb7b

10 files changed

Lines changed: 1535 additions & 24 deletions

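--- a/capsule.clastix.io/capsuleconfiguration_v1beta2.json
+++ b/capsule.clastix.io/capsuleconfiguration_v1beta2.json
@@ -15,8 +15,40 @@
 "spec": {
 "description": "CapsuleConfigurationSpec defines the Capsule configuration.",
 "properties": {
+"administrators": {
+"description": "Define entities which can act as Administrators in the capsule construct\nThese entities are automatically owners for all existing tenants. Meaning they can add namespaces to any tenant. However they must be specific by using the capsule label\nfor interacting with namespaces. Because if that label is not defined, it's assumed that namespace interaction was not targeted towards a tenant and will therefor\nbe ignored by capsule.",
+"items": {
+"properties": {
+"kind": {
+"description": "Kind of entity. Possible values are \"User\", \"Group\", and \"ServiceAccount\"",
+"enum": [
+"User",
+"Group",
+"ServiceAccount"
+],
+"type": "string"
+},
+"name": {
+"description": "Name of the entity.",
+"type": "string"
+}
+},
+"required": [
+"kind",
+"name"
+],
+"type": "object",
+"additionalProperties": false
+},
+"type": "array"
+},
+"allowServiceAccountPromotion": {
+"default": false,
+"description": "ServiceAccounts within tenant namespaces can be promoted to owners of the given tenant\nthis can be achieved by labeling the serviceaccount and then they are considered owners. This can only be done by other owners of the tenant.\nHowever ServiceAccounts which have been promoted to owner can not promote further serviceAccounts.",
+"type": "boolean"
+},
 "enableTLSReconciler": {
-"default": true,
+"default": false,
 "description": "Toggles the TLS reconciler, the controller that is able to generate CA and certificates for the webhooks\nwhen not using an already provided CA and certificate, or when these are managed externally with Vault, or cert-manager.",
 "type": "boolean"
 },
@@ -25,6 +57,13 @@
 "description": "Enforces the Tenant owner, during Namespace creation, to name it using the selected Tenant name as prefix,\nseparated by a dash. This is useful to avoid Namespace name collision in a public CaaS environment.",
 "type": "boolean"
 },
+"ignoreUserWithGroups": {
+"description": "Define groups which when found in the request of a user will be ignored by the Capsule\nthis might be useful if you have one group where all the users are in, but you want to separate administrators from normal users with additional groups.",
+"items": {
+"type": "string"
+},
+"type": "array"
+},
 "nodeMetadata": {
 "description": "Allows to set the forbidden metadata for the worker nodes that could be patched by a Tenant.\nThis applies only if the Tenant has an active NodeSelector, and the Owner have right to patch their nodes.",
 "properties": {
@@ -61,10 +100,6 @@
 "additionalProperties": false
 }
 },
-"required": [
-"forbiddenAnnotations",
-"forbiddenLabels"
-],
 "type": "object",
 "additionalProperties": false
 },
@@ -108,11 +143,45 @@
 "default": [
 "capsule.clastix.io"
 ],
-"description": "Names of the groups for Capsule users.",
+"description": "Deprecated: use users property instead (https://projectcapsule.dev/docs/operating/setup/configuration/#users)\n\nNames of the groups considered as Capsule users.",
+"items": {
+"type": "string"
+},
+"type": "array"
+},
+"userNames": {
+"description": "Deprecated: use users property instead (https://projectcapsule.dev/docs/operating/setup/configuration/#users)\n\nNames of the users considered as Capsule users.",
 "items": {
 "type": "string"
 },
 "type": "array"
+},
+"users": {
+"description": "Define entities which are considered part of the Capsule construct\nUsers not mentioned here will be ignored by Capsule",
+"items": {
+"properties": {
+"kind": {
+"description": "Kind of entity. Possible values are \"User\", \"Group\", and \"ServiceAccount\"",
+"enum": [
+"User",
+"Group",
+"ServiceAccount"
+],
+"type": "string"
+},
+"name": {
+"description": "Name of the entity.",
+"type": "string"
+}
+},
+"required": [
+"kind",
+"name"
+],
+"type": "object",
+"additionalProperties": false
+},
+"type": "array"
 }
 },
 "required": [
@@ -122,5 +191,8 @@
 "additionalProperties": false
 }
 },
+"required": [
+"spec"
+],
 "type": "object"
 }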
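Review bot: The `enableTLSReconciler` default flips from `true` to `false` at new line 51, but the description on the next line is unchanged and never states the default, so a CapsuleConfiguration that omits the field reads the same while, if the controller applies this default, webhook CA and certificate generation is no longer on. I would state it in the description, e.g. append `Defaults to false; enable it unless the webhook CA and certificate are provided or managed externally.`, and call the flip out in the commit message, which currently reads as a plain version update. The same section adds `administrators`, whose entries are described as owners of all existing tenants, with an unconstrained `name` (an empty string validates); `"minLength": 1` on that property would reject the obvious mistake. If this file is generated from the upstream CRD, both changes belong upstream rather than here.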
Lines changed: 156 additions & 0 deletions
@@ -0,0 +1,156 @@
1+
{
2+
"description": "GlobalProxySettings is the Schema for the globalproxysettings API.",
3+
"properties": {
4+
"apiVersion": {
5+
"description": "APIVersion defines the versioned schema of this representation of an object.\nServers should convert recognized schemas to the latest internal value, and\nmay reject unrecognized values.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources",
6+
"type": "string"
7+
},
8+
"kind": {
9+
"description": "Kind is a string value representing the REST resource this object represents.\nServers may infer this from the endpoint the client submits requests to.\nCannot be updated.\nIn CamelCase.\nMore info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds",
10+
"type": "string"
11+
},
12+
"metadata": {
13+
"type": "object"
14+
},
15+
"spec": {
16+
"description": "GlobalProxySettingsSpec defines the desired state of GlobalProxySettings.",
17+
"properties": {
18+
"rules": {
19+
"description": "Subjects that should receive additional permissions.\nThe subjects are selected based on the oncoming requests. They don't have to relate to an existing tenant.\nHowever they must be part of the capsule-user groups.",
20+
"items": {
21+
"properties": {
22+
"clusterResources": {
23+
"description": "Cluster Resources for tenant Owner.",
24+
"items": {
25+
"properties": {
26+
"apiGroups": {
27+
"description": "APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against any resource listed will be allowed. '*' represents all resources. Empty string represents v1 api resources.",
28+
"items": {
29+
"type": "string"
30+
},
31+
"type": "array"
32+
},
33+
"operations": {
34+
"description": "Operations which can be executed on the selected resources.\nDeprecated: For all registered Routes only LIST ang GET requests will intercepted\nOther permissions must be implemented via kubernetes native RBAC",
35+
"items": {
36+
"enum": [
37+
"List",
38+
"Update",
39+
"Delete"
40+
],
41+
"type": "string"
42+
},
43+
"type": "array"
44+
},
45+
"resources": {
46+
"description": "Resources is a list of resources this rule applies to. '*' represents all resources.",
47+
"items": {
48+
"type": "string"
49+
},
50+
"type": "array"
51+
},
52+
"selector": {
53+
"description": "Select all cluster scoped resources with the given label selector.\nDefining a selector which does not match any resources is considered not selectable (eg. using operation NotExists).",
54+
"properties": {
55+
"matchExpressions": {
56+
"description": "matchExpressions is a list of label selector requirements. The requirements are ANDed.",
57+
"items": {
58+
"description": "A label selector requirement is a selector that contains values, a key, and an operator that\nrelates the key and values.",
59+
"properties": {
60+
"key": {
61+
"description": "key is the label key that the selector applies to.",
62+
"type": "string"
63+
},
64+
"operator": {
65+
"description": "operator represents a key's relationship to a set of values.\nValid operators are In, NotIn, Exists and DoesNotExist.",
66+
"type": "string"
67+
},
68+
"values": {
69+
"description": "values is an array of string values. If the operator is In or NotIn,\nthe values array must be non-empty. If the operator is Exists or DoesNotExist,\nthe values array must be empty. This array is replaced during a strategic\nmerge patch.",
70+
"items": {
71+
"type": "string"
72+
},
73+
"type": "array",
74+
"x-kubernetes-list-type": "atomic"
75+
}
76+
},
77+
"required": [
78+
"key",
79+
"operator"
80+
],
81+
"type": "object",
82+
"additionalProperties": false
83+
},
84+
"type": "array",
85+
"x-kubernetes-list-type": "atomic"
86+
},
87+
"matchLabels": {
88+
"additionalProperties": {
89+
"type": "string"
90+
},
91+
"description": "matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels\nmap is equivalent to an element of matchExpressions, whose key field is \"key\", the\noperator is \"In\", and the values array contains only \"value\". The requirements are ANDed.",
92+
"type": "object"
93+
}
94+
},
95+
"type": "object",
96+
"x-kubernetes-map-type": "atomic",
97+
"additionalProperties": false
98+
}
99+
},
100+
"required": [
101+
"apiGroups",
102+
"resources",
103+
"selector"
104+
],
105+
"type": "object",
106+
"additionalProperties": false
107+
},
108+
"type": "array"
109+
},
110+
"subjects": {
111+
"description": "Subjects that should receive additional permissions.\nThe subjects are selected based on the oncoming requests. They don't have to relate to an existing tenant.\nHowever they must be part of the capsule-user groups.",
112+
"items": {
113+
"properties": {
114+
"kind": {
115+
"description": "Kind of tenant owner. Possible values are \"User\", \"Group\", and \"ServiceAccount\".",
116+
"enum": [
117+
"User",
118+
"Group",
119+
"ServiceAccount"
120+
],
121+
"type": "string"
122+
},
123+
"name": {
124+
"description": "Name of tenant owner.",
125+
"type": "string"
126+
}
127+
},
128+
"required": [
129+
"kind",
130+
"name"
131+
],
132+
"type": "object",
133+
"additionalProperties": false
134+
},
135+
"type": "array"
136+
}
137+
},
138+
"required": [
139+
"subjects"
140+
],
141+
"type": "object",
142+
"additionalProperties": false
143+
},
144+
"minItems": 1,
145+
"type": "array"
146+
}
147+
},
148+
"required": [
149+
"rules"
150+
],
151+
"type": "object",
152+
"additionalProperties": false
153+
}
154+
},
155+
"type": "object"
156+
}
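Review bot: The `operations` description at new line 34 marks the field deprecated and says only LIST and GET requests are intercepted, yet the enum on lines 36-40 accepts `List`, `Update` and `Delete` and has no `Get`, so a rule listing `Update` or `Delete` validates even though, going by the description, it grants nothing. An operator reading such a manifest could take it as write access mediated by the proxy; I would have the description say so outright, e.g. `Deprecated: only List and Get requests are intercepted; Update and Delete are accepted but not acted on, grant them through Kubernetes RBAC.`, assuming the upstream behaviour matches its own description. The same line also carries the typos "ang" and "will intercepted". Separately, the `rules` description at line 19 repeats the `subjects` text from line 111 verbatim and should describe the rule list instead.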

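--- a/capsule.clastix.io/globaltenantresource_v1beta2.json
+++ b/capsule.clastix.io/globaltenantresource_v1beta2.json
@@ -289,5 +289,8 @@
 "additionalProperties": false
 }
 },
+"required": [
+"spec"
+],
 "type": "object"
 }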
