plural: cnfservices
singular: cnfservice
scope: Namespaced
+ subresources:
+ status: {}
validation:
openAPIV3Schema:
description: CNFService is the Schema for the cnfservices API
spec:
description: CNFServiceSpec defines the desired state of CNFService
properties:
- foo:
- description: Foo is an example field of CNFService. Edit CNFService_types.go to remove/update
+ dport:
+ type: string
+ fullname:
+ type: string
+ port:
type: string
type: object
status:
- description: CNFServiceStatus defines the observed state of CNFService
+ description: status subsource used for Sdewan rule CRDs
+ properties:
+ appliedGeneration:
+ format: int64
+ type: integer
+ appliedTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ state:
+ type: string
+ required:
+ - state
type: object
type: object
version: v1alpha1
conditions: []
storedVersions: []
---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ controller-gen.kubebuilder.io/version: v0.2.5
+ creationTimestamp: null
+ name: sdewanapplications.batch.sdewan.akraino.org
+spec:
+ group: batch.sdewan.akraino.org
+ names:
+ kind: SdewanApplication
+ listKind: SdewanApplicationList
+ plural: sdewanapplications
+ singular: sdewanapplication
+ scope: Namespaced
+ subresources:
+ status: {}
+ validation:
+ openAPIV3Schema:
+ description: SdewanApplication is the Schema for the sdewanapplications API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation of an object. Servers should convert recognized schemas to the latest internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this object represents. Servers may infer this from the endpoint the client submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: SdewanApplicationSpec defines the desired state of SdewanApplication
+ properties:
+ appNamespace:
+ type: string
+ podSelector:
+ description: A label selector is a label query over a set of resources. The result of matchLabels and matchExpressions are ANDed. An empty label selector matches all objects. A null label selector matches no objects.
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label selector requirements. The requirements are ANDed.
+ items:
+ description: A label selector requirement is a selector that contains values, a key, and an operator that relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the selector applies to.
+ type: string
+ operator:
+ description: operator represents a key's relationship to a set of values. Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: values is an array of string values. If the operator is In or NotIn, the values array must be non-empty. If the operator is Exists or DoesNotExist, the values array must be empty. This array is replaced during a strategic merge patch.
+ items:
+ type: string
+ type: array
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels map is equivalent to an element of matchExpressions, whose key field is "key", the operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ type: object
+ status:
+ description: status subsource used for Sdewan rule CRDs
+ properties:
+ appliedGeneration:
+ format: int64
+ type: integer
+ appliedTime:
+ format: date-time
+ type: string
+ message:
+ type: string
+ state:
+ type: string
+ required:
+ - state
+ type: object
+ type: object
+ version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: []
+ storedVersions: []
+---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
- get
- patch
- update
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - sdewanapplications
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - batch.sdewan.akraino.org
+ resources:
+ - sdewanapplications/status
+ verbs:
+ - get
+ - patch
+ - update
- apiGroups:
- rbac.authorization.k8s.io
resources:
- firewallrules
- firewallsnats
- firewalldnats
+ - cnfservice
+ - sdewanapplication
- ipsecproposals
- ipsechosts
- ipsecsites
- firewallrules
- firewallsnats
- firewalldnats
+ - cnfservice
+ - sdewanapplication
- ipsecproposals
- ipsechosts
- ipsecsites
return nil
}
-// +kubebuilder:webhook:path=/validate-sdewan-bucket-permission,mutating=false,failurePolicy=fail,groups="batch.sdewan.akraino.org",resources=mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats;ipsecproposals;ipsechosts;ipsecsites,verbs=create;update;delete,versions=v1alpha1,name=validate-sdewan-bucket.akraino.org
+// +kubebuilder:webhook:path=/validate-sdewan-bucket-permission,mutating=false,failurePolicy=fail,groups="batch.sdewan.akraino.org",resources=mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats;cnfservice;sdewanapplication;ipsecproposals;ipsechosts;ipsecsites,verbs=create;update;delete,versions=v1alpha1,name=validate-sdewan-bucket.akraino.org
// bucketPermissionValidator validates Pods
type bucketPermissionValidator struct {
obj = &IpsecHost{}
case "IpsecSite":
obj = &IpsecSite{}
+ case "CNFService":
+ obj = &CNFService{}
+ case "SdewanApplication":
+ obj = &SdewanApplication{}
default:
return admission.Errored(
http.StatusBadRequest,
return nil
}
-// +kubebuilder:webhook:path=/validate-label,mutating=false,failurePolicy=fail,groups=apps;batch.sdewan.akraino.org,resources=deployments;mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats;ipsecproposals;ipsechosts;ipsecsites,verbs=update,versions=v1;v1alpha1,name=validate-label.akraino.org
+// +kubebuilder:webhook:path=/validate-label,mutating=false,failurePolicy=fail,groups=apps;batch.sdewan.akraino.org,resources=deployments;mwan3policies;mwan3rules;firewallzones;firewallforwardings;firewallrules;firewallsnats;firewalldnats;cnfservice;sdewanapplication;ipsecproposals;ipsechosts;ipsecsites,verbs=update,versions=v1;v1alpha1,name=validate-label.akraino.org
type labelValidator struct {
Client client.Client
obj = &IpsecHost{}
case "IpsecSite":
obj = &IpsecSite{}
+ case "CNFService":
+ obj = &CNFService{}
+ case "SdewanApplication":
+ obj = &SdewanApplication{}
default:
return admission.Errored(
http.StatusBadRequest,
return ctrl.NewControllerManagedBy(mgr).
For(&batchv1alpha1.CNFService{}).
Watches(
- &source.Kind{Type: &appsv1.Deployment{}},
- &handler.EnqueueRequestsFromMapFunc{
- ToRequests: handler.ToRequestsFunc(GetToRequestsFunc(r, &batchv1alpha1.CNFServiceList{})),
- },
- Filter).
+ &source.Kind{Type: &appsv1.Deployment{}},
+ &handler.EnqueueRequestsFromMapFunc{
+ ToRequests: handler.ToRequestsFunc(GetToRequestsFunc(r, &batchv1alpha1.CNFServiceList{})),
+ },
+ Filter).
Watches(
&source.Kind{Type: &corev1.Service{}},
&handler.EnqueueRequestsFromMapFunc{
Code Review / icn / sdwan.git / commitdiff