@@ -155,7 +155,7 @@ spec:
155155 shortNames :
156156 - sdw
157157 singular : signadotworkspace
158- scope : Namespaced
158+ scope : Cluster
159159 versions :
160160 - name : v1
161161 schema :
@@ -180,6 +180,10 @@ spec:
180180 spec :
181181 description : SignadotWorkspaceSpec defines the desired state of SignadotWorkspace
182182 properties :
183+ clusterName :
184+ description : ClusterName should be the name of the cluster this workspace
185+ lives in.
186+ type : string
183187 customization :
184188 description : Customization describes the ways in which live workloads
185189 running in the cluster should be customized for this workspace.
@@ -197,6 +201,10 @@ spec:
197201 description : " Name specifies which image name in live workloads
198202 will be replaced. \n Example: us.gcr.io/my-staging-registry/widget"
199203 type : string
204+ namespace :
205+ description : Namespace optionally specifies which namespace
206+ will be searched.
207+ type : string
200208 newName :
201209 description : " NewName provides a replacement for the image
202210 name (the part before the tag). If this is left unset,
@@ -286,12 +294,11 @@ spec:
286294 a given Kubernetes Secret object to use as the SSH
287295 private key when cloning the git repository. \n Note
288296 that this Secret must be in the signadot-operator
289- namespace, not in the SignadotWorkspace's namespace,
290- since it's used by a background Job that the operator
291- spawns there. \n This private key should have been
292- granted read access to the repository, such as by
293- adding the corresponding public key as a GitHub Deploy
294- Key."
297+ namespace since it's used by a background Job that
298+ the operator spawns there. \n This private key should
299+ have been granted read access to the repository, such
300+ as by adding the corresponding public key as a GitHub
301+ Deploy Key."
295302 properties :
296303 key :
297304 description : The key of the secret to select from. Must
@@ -316,6 +323,10 @@ spec:
316323 - repo
317324 - sshKeySecret
318325 type : object
326+ namespace :
327+ description : Namespace can optionally be set to filter extracted
328+ objects by namespace.
329+ type : string
319330 type : object
320331 type : array
321332 patches :
@@ -380,6 +391,10 @@ spec:
380391 description : Name specifies the name of the object to
381392 patch.
382393 type : string
394+ namespace :
395+ description : Namespace optionally specifies which namespace
396+ will be searched.
397+ type : string
383398 required :
384399 - apiVersion
385400 - kind
@@ -389,6 +404,21 @@ spec:
389404 - target
390405 type : object
391406 type : array
407+ preservedLabels :
408+ description : " PreservedLabels is a list of RE2 regular expressions
409+ to check against label keys on the original baseline Pod template.
410+ The expression can match any substring within the key, so use
411+ anchors if you want to require a full match. \n Normally, all
412+ baseline labels are stripped from the cloned Pod template to
413+ ensure it can't match any existing Services. Labels from the
414+ baseline Pod that match any of these regular expressions will
415+ be preserved on the cloned Pod instead. \n If preserving these
416+ labels would cause the cloned Pods to match a basline Service,
417+ the workspace controller will pause and report an error to avoid
418+ interference."
419+ items :
420+ type : string
421+ type : array
392422 type : object
393423 id :
394424 description : " ID should be a unique identifier for the workspace.
@@ -399,6 +429,15 @@ spec:
399429 minLength : 1
400430 pattern : ^[a-z0-9]([a-z0-9-]*[a-z0-9])?$
401431 type : string
432+ name :
433+ description : " Name should be a unique value in the organization that
434+ easily allows any user to identify what the workspace is being used
435+ for when reading it. \n It can be up to 30 characters, consisting
436+ of alphanumeric characters or '-', but it must both start and end
437+ with an alphanumeric character."
438+ maxLength : 30
439+ pattern : ^$|^[a-zA-Z]([a-zA-Z0-9-]*[a-zA-Z0-9])?$
440+ type : string
402441 required :
403442 - id
404443 type : object
@@ -550,13 +589,33 @@ rules:
550589 - signadot.com
551590 resources :
552591 - signadotworkspaces
592+ - signadotroutes
553593 verbs :
554594 - get
555595 - list
556596 - watch
557597 - create
558598 - update
559599 - delete
600+ - apiGroups :
601+ - " "
602+ resources :
603+ - pods
604+ - services
605+ - configmaps
606+ verbs :
607+ - get
608+ - list
609+ - watch
610+ - apiGroups :
611+ - apps
612+ resources :
613+ - deployments
614+ - replicasets
615+ verbs :
616+ - get
617+ - list
618+ - watch
560619---
561620apiVersion : rbac.authorization.k8s.io/v1
562621kind : ClusterRole
@@ -890,6 +949,9 @@ spec:
890949 template :
891950 metadata :
892951 labels :
952+ {{- range $key, $val := .Values.podLabels }}
953+ {{ $key }}: {{ $val | quote }}
954+ {{- end }}
893955 control-plane : controller-manager
894956 spec :
895957 containers :
@@ -901,8 +963,8 @@ spec:
901963 - /manager
902964 env :
903965 - name : REPO_OVERLAY_IMAGE
904- value : signadot/workspaces-repo-overlay:v0.6.6
905- image : signadot/workspaces-operator:v0.6.6
966+ value : signadot/workspaces-repo-overlay:v0.7.0
967+ image : signadot/workspaces-operator:v0.7.0
906968 imagePullPolicy : IfNotPresent
907969 livenessProbe :
908970 httpGet :
@@ -930,6 +992,9 @@ spec:
930992 memory : 128Mi
931993 securityContext :
932994 allowPrivilegeEscalation : false
995+ volumeMounts :
996+ - mountPath : /etc/podinfo
997+ name : podinfo
933998 - args :
934999 - --secure-listen-address=0.0.0.0:8443
9351000 - --upstream=http://127.0.0.1:8080/
@@ -944,6 +1009,13 @@ spec:
9441009 runAsNonRoot : true
9451010 serviceAccountName : signadot-controller-manager
9461011 terminationGracePeriodSeconds : 10
1012+ volumes :
1013+ - downwardAPI :
1014+ items :
1015+ - fieldRef :
1016+ fieldPath : metadata.labels
1017+ path : labels
1018+ name : podinfo
9471019---
9481020apiVersion : apps/v1
9491021kind : Deployment
@@ -958,21 +1030,23 @@ spec:
9581030 template :
9591031 metadata :
9601032 labels :
1033+ {{- range $key, $val := .Values.podLabels }}
1034+ {{ $key }}: {{ $val | quote }}
1035+ {{- end }}
9611036 app : signadot-agent
9621037 spec :
9631038 containers :
9641039 - args :
9651040 - --agent-token=$(AGENT_TOKEN)
1041+ - --api-url=https://api.signadot.com
9661042 - --tunnel-addr=tunnel.signadot.com:2222
967- - --tunnel-ca=/app/tunnel-server.crt
968- - --tunnel-tls-server-name-override=preview.signadot.com
9691043 env :
9701044 - name : AGENT_TOKEN
9711045 valueFrom :
9721046 secretKeyRef :
9731047 key : token
9741048 name : cluster-agent
975- image : signadot/workspaces-agent:v0.6.6
1049+ image : signadot/workspaces-agent:v0.7.0
9761050 imagePullPolicy : IfNotPresent
9771051 name : agent
9781052 ports :
@@ -992,10 +1066,13 @@ spec:
9921066 template :
9931067 metadata :
9941068 labels :
1069+ {{- range $key, $val := .Values.podLabels }}
1070+ {{ $key }}: {{ $val | quote }}
1071+ {{- end }}
9951072 app : routeserver
9961073 spec :
9971074 containers :
998- - image : signadot/workspaces-routeserver:v0.6.6
1075+ - image : signadot/workspaces-routeserver:v0.7.0
9991076 imagePullPolicy : IfNotPresent
10001077 name : routeserver
10011078 ports :
0 commit comments