068afe5bb9
The auth service (Dex) does not depend on the SIP scheduling output like the other services do, so it can be put in place independet of SIP. This will remove complexity from SIP and give more flexibility in how we deploy Dex through kustomize. Change-Id: I1f871ae3be7d228cef867af6bed8ffffd6d0ea56
297 lines
14 KiB
YAML
297 lines
14 KiB
YAML
|
|
---
|
|
apiVersion: apiextensions.k8s.io/v1beta1
|
|
kind: CustomResourceDefinition
|
|
metadata:
|
|
annotations:
|
|
controller-gen.kubebuilder.io/version: v0.3.0
|
|
creationTimestamp: null
|
|
name: sipclusters.airship.airshipit.org
|
|
spec:
|
|
group: airship.airshipit.org
|
|
names:
|
|
kind: SIPCluster
|
|
listKind: SIPClusterList
|
|
plural: sipclusters
|
|
singular: sipcluster
|
|
scope: Namespaced
|
|
subresources:
|
|
status: {}
|
|
validation:
|
|
openAPIV3Schema:
|
|
description: SIPCluster is the Schema for the sipclusters API
|
|
properties:
|
|
apiVersion:
|
|
description: 'APIVersion defines the versioned schema of this representation
|
|
of an object. Servers should convert recognized schemas to the latest
|
|
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
|
|
type: string
|
|
kind:
|
|
description: 'Kind is a string value representing the REST resource this
|
|
object represents. Servers may infer this from the endpoint the client
|
|
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
|
|
type: string
|
|
metadata:
|
|
type: object
|
|
spec:
|
|
description: SIPClusterSpec defines the desired state of a SIPCluster
|
|
properties:
|
|
nodes:
|
|
additionalProperties:
|
|
description: 'NodeSet are the the list of Nodes objects workers, or
|
|
ControlPlane that define expectations for the Tenant Clusters Includes
|
|
artifacts to associate with each defined namespace Such as : - Roles
|
|
for the Nodes - Flavor for the Nodes image - Anti-affinity expectations
|
|
- Scale of the group of Nodes'
|
|
properties:
|
|
count:
|
|
description: Count defines the scale expectations for the Nodes
|
|
properties:
|
|
active:
|
|
description: 'INSERT ADDITIONAL STATUS FIELD - define observed
|
|
state of cluster Important: Run "make" to regenerate code
|
|
after modifying this file'
|
|
type: integer
|
|
standby:
|
|
type: integer
|
|
type: object
|
|
labelSelector:
|
|
description: LabelSelector is the BMH label selector to use.
|
|
properties:
|
|
matchExpressions:
|
|
description: matchExpressions is a list of label selector
|
|
requirements. The requirements are ANDed.
|
|
items:
|
|
description: A label selector requirement is a selector
|
|
that contains values, a key, and an operator that relates
|
|
the key and values.
|
|
properties:
|
|
key:
|
|
description: key is the label key that the selector
|
|
applies to.
|
|
type: string
|
|
operator:
|
|
description: operator represents a key's relationship
|
|
to a set of values. Valid operators are In, NotIn,
|
|
Exists and DoesNotExist.
|
|
type: string
|
|
values:
|
|
description: values is an array of string values. If
|
|
the operator is In or NotIn, the values array must
|
|
be non-empty. If the operator is Exists or DoesNotExist,
|
|
the values array must be empty. This array is replaced
|
|
during a strategic merge patch.
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- key
|
|
- operator
|
|
type: object
|
|
type: array
|
|
matchLabels:
|
|
additionalProperties:
|
|
type: string
|
|
description: matchLabels is a map of {key,value} pairs. A
|
|
single {key,value} in the matchLabels map is equivalent
|
|
to an element of matchExpressions, whose key field is "key",
|
|
the operator is "In", and the values array contains only
|
|
"value". The requirements are ANDed.
|
|
type: object
|
|
type: object
|
|
topologyKey:
|
|
description: TopologyKey is similar to the same named field in
|
|
the kubernetes Pod anti-affinity API. If two BMHs are labeled
|
|
with this key and have identical values for that label, they
|
|
are considered to be in the same topology domain, and thus only
|
|
one will be scheduled.
|
|
type: string
|
|
type: object
|
|
description: Nodes defines the set of nodes to schedule for each BMH
|
|
role.
|
|
type: object
|
|
services:
|
|
description: Services defines the services that are deployed when a
|
|
SIPCluster is provisioned.
|
|
properties:
|
|
jumpHost:
|
|
description: JumpHost defines the sub-cluster jump host services.
|
|
items:
|
|
description: JumpHostService is an infrastructure service type
|
|
that represents the sub-cluster jump-host service.
|
|
properties:
|
|
bmc:
|
|
description: BMCOpts contains options for BMC communication.
|
|
properties:
|
|
proxy:
|
|
type: boolean
|
|
type: object
|
|
clusterIP:
|
|
type: string
|
|
image:
|
|
type: string
|
|
nodeInterfaceId:
|
|
type: string
|
|
nodeLabels:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
nodePort:
|
|
type: integer
|
|
nodeSSHPrivateKeys:
|
|
description: NodeSSHPrivateKeys holds the name of a Secret
|
|
in the same namespace as the SIPCluster CR, whose key values
|
|
each represent an ssh private key that can be used to access
|
|
the cluster nodes. They are mounted into the jumphost with
|
|
the secret keys serving as file names relative to a common
|
|
directory, and then configured as identity files in the
|
|
SSH config file of the default user.
|
|
type: string
|
|
sshAuthorizedKeys:
|
|
items:
|
|
type: string
|
|
type: array
|
|
required:
|
|
- image
|
|
- nodePort
|
|
- nodeSSHPrivateKeys
|
|
type: object
|
|
type: array
|
|
loadBalancerControlPlane:
|
|
description: LoadBalancer defines the sub-cluster load balancer
|
|
services.
|
|
items:
|
|
description: LoadBalancerServiceControlPlane is an infrastructure
|
|
service type that represents the sub-cluster load balancer service.
|
|
properties:
|
|
clusterIP:
|
|
type: string
|
|
image:
|
|
type: string
|
|
nodeInterfaceId:
|
|
type: string
|
|
nodeLabels:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
nodePort:
|
|
type: integer
|
|
required:
|
|
- image
|
|
- nodePort
|
|
type: object
|
|
type: array
|
|
loadBalancerWorker:
|
|
description: ' LoadBalancer defines the sub-cluster load balancer
|
|
services.'
|
|
items:
|
|
description: LoadBalancerServiceWorker is an infrastructure service
|
|
type that represents the sub-cluster load balancer service.
|
|
properties:
|
|
clusterIP:
|
|
type: string
|
|
image:
|
|
type: string
|
|
nodeInterfaceId:
|
|
type: string
|
|
nodeLabels:
|
|
additionalProperties:
|
|
type: string
|
|
type: object
|
|
nodePort:
|
|
type: integer
|
|
required:
|
|
- image
|
|
- nodePort
|
|
type: object
|
|
type: array
|
|
type: object
|
|
required:
|
|
- services
|
|
type: object
|
|
status:
|
|
description: SIPClusterStatus defines the observed state of SIPCluster
|
|
properties:
|
|
conditions:
|
|
items:
|
|
description: "Condition contains details for one aspect of the current
|
|
state of this API Resource. --- This struct is intended for direct
|
|
use as an array at the field path .status.conditions. For example,
|
|
type FooStatus struct{ // Represents the observations of a foo's
|
|
current state. // Known .status.conditions.type are: \"Available\",
|
|
\"Progressing\", and \"Degraded\" // +patchMergeKey=type //
|
|
+patchStrategy=merge // +listType=map // +listMapKey=type
|
|
\ Conditions []metav1.Condition `json:\"conditions,omitempty\"
|
|
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`
|
|
\n // other fields }"
|
|
properties:
|
|
lastTransitionTime:
|
|
description: lastTransitionTime is the last time the condition
|
|
transitioned from one status to another. This should be when
|
|
the underlying condition changed. If that is not known, then
|
|
using the time when the API field changed is acceptable.
|
|
format: date-time
|
|
type: string
|
|
message:
|
|
description: message is a human readable message indicating details
|
|
about the transition. This may be an empty string.
|
|
maxLength: 32768
|
|
type: string
|
|
observedGeneration:
|
|
description: observedGeneration represents the .metadata.generation
|
|
that the condition was set based upon. For instance, if .metadata.generation
|
|
is currently 12, but the .status.conditions[x].observedGeneration
|
|
is 9, the condition is out of date with respect to the current
|
|
state of the instance.
|
|
format: int64
|
|
minimum: 0
|
|
type: integer
|
|
reason:
|
|
description: reason contains a programmatic identifier indicating
|
|
the reason for the condition's last transition. Producers of
|
|
specific condition types may define expected values and meanings
|
|
for this field, and whether the values are considered a guaranteed
|
|
API. The value should be a CamelCase string. This field may
|
|
not be empty.
|
|
maxLength: 1024
|
|
minLength: 1
|
|
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
|
|
type: string
|
|
status:
|
|
description: status of the condition, one of True, False, Unknown.
|
|
enum:
|
|
- "True"
|
|
- "False"
|
|
- Unknown
|
|
type: string
|
|
type:
|
|
description: type of condition in CamelCase or in foo.example.com/CamelCase.
|
|
--- Many .condition.type values are consistent across resources
|
|
like Available, but because arbitrary conditions can be useful
|
|
(see .node.status.conditions), the ability to deconflict is
|
|
important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
|
|
maxLength: 316
|
|
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
|
|
type: string
|
|
required:
|
|
- lastTransitionTime
|
|
- message
|
|
- reason
|
|
- status
|
|
- type
|
|
type: object
|
|
type: array
|
|
type: object
|
|
type: object
|
|
version: v1
|
|
versions:
|
|
- name: v1
|
|
served: true
|
|
storage: true
|
|
status:
|
|
acceptedNames:
|
|
kind: ""
|
|
plural: ""
|
|
conditions: []
|
|
storedVersions: []
|