Enhanced override policy for easily define all overrides for single resources
Signed-off-by: RainbowMango <qdurenhongcai@gmail.com>
This commit is contained in:
RainbowMango
RainbowMango
parent
006bccd0bd
commit
4b456ea89e
|
|
@ -20,7 +20,7 @@ kubeVersion: ">=1.16.0"
|
|||
# This is the chart version. This version number should be incremented each time you make changes
|
||||
# to the chart and its templates, including the app version.
|
||||
# Versions are expected to follow Semantic Versioning (https://semver.org/)
|
||||
version: 0.0.2
|
||||
version: 0.0.3
|
||||
|
||||
# This is the version number of the application being deployed. This version number should be
|
||||
# incremented each time you make changes to the application. Versions are not expected to
|
||||
|
|
|
|||
|
|
@ -39,6 +39,275 @@ spec:
|
|||
spec:
|
||||
description: Spec represents the desired behavior of ClusterOverridePolicy.
|
||||
properties:
|
||||
overrideRules:
|
||||
description: OverrideRules defines a collection of override rules
|
||||
on target clusters.
|
||||
items:
|
||||
description: RuleWithCluster defines the override rules on clusters.
|
||||
properties:
|
||||
overriders:
|
||||
description: Overriders represents the override rules that would
|
||||
apply on resources
|
||||
properties:
|
||||
argsOverrider:
|
||||
description: ArgsOverrider represents the rules dedicated
|
||||
to handling container args
|
||||
items:
|
||||
description: CommandArgsOverrider represents the rules
|
||||
dedicated to handling command/args overrides.
|
||||
properties:
|
||||
containerName:
|
||||
description: The name of container
|
||||
type: string
|
||||
operator:
|
||||
description: Operator represents the operator which
|
||||
will apply on the command/args.
|
||||
enum:
|
||||
- add
|
||||
- remove
|
||||
type: string
|
||||
value:
|
||||
description: Value to be applied to command/args.
|
||||
Items in Value which will be appended after command/args
|
||||
when Operator is 'add'. Items in Value which match
|
||||
in command/args will be deleted when Operator is
|
||||
'remove'. If Value is empty, then the command/args
|
||||
will remain the same.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- containerName
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
commandOverrider:
|
||||
description: CommandOverrider represents the rules dedicated
|
||||
to handling container command
|
||||
items:
|
||||
description: CommandArgsOverrider represents the rules
|
||||
dedicated to handling command/args overrides.
|
||||
properties:
|
||||
containerName:
|
||||
description: The name of container
|
||||
type: string
|
||||
operator:
|
||||
description: Operator represents the operator which
|
||||
will apply on the command/args.
|
||||
enum:
|
||||
- add
|
||||
- remove
|
||||
type: string
|
||||
value:
|
||||
description: Value to be applied to command/args.
|
||||
Items in Value which will be appended after command/args
|
||||
when Operator is 'add'. Items in Value which match
|
||||
in command/args will be deleted when Operator is
|
||||
'remove'. If Value is empty, then the command/args
|
||||
will remain the same.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- containerName
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
imageOverrider:
|
||||
description: ImageOverrider represents the rules dedicated
|
||||
to handling image overrides.
|
||||
items:
|
||||
description: ImageOverrider represents the rules dedicated
|
||||
to handling image overrides.
|
||||
properties:
|
||||
component:
|
||||
description: 'Component is part of image name. Basically
|
||||
we presume an image can be made of ''[registry/]repository[:tag]''.
|
||||
The registry could be: - k8s.gcr.io - fictional.registry.example:10443
|
||||
The repository could be: - kube-apiserver - fictional/nginx
|
||||
The tag cloud be: - latest - v1.19.1 - @sha256:dbcc1c35ac38df41fd2f5e4130b32ffdb93ebae8b3dbe638c23575912276fc9c'
|
||||
enum:
|
||||
- Registry
|
||||
- Repository
|
||||
- Tag
|
||||
type: string
|
||||
operator:
|
||||
description: Operator represents the operator which
|
||||
will apply on the image.
|
||||
enum:
|
||||
- add
|
||||
- remove
|
||||
- replace
|
||||
type: string
|
||||
predicate:
|
||||
description: "Predicate filters images before applying
|
||||
the rule. \n Defaults to nil, in that case, the
|
||||
system will automatically detect image fields if
|
||||
the resource type is Pod, ReplicaSet, Deployment
|
||||
or StatefulSet by following rule: - Pod: spec/containers/<N>/image
|
||||
\ - ReplicaSet: spec/template/spec/containers/<N>/image
|
||||
\ - Deployment: spec/template/spec/containers/<N>/image
|
||||
\ - StatefulSet: spec/template/spec/containers/<N>/image
|
||||
In addition, all images will be processed if the
|
||||
resource object has more than one containers. \n
|
||||
If not nil, only images matches the filters will
|
||||
be processed."
|
||||
properties:
|
||||
path:
|
||||
description: Path indicates the path of target
|
||||
field
|
||||
type: string
|
||||
required:
|
||||
- path
|
||||
type: object
|
||||
value:
|
||||
description: Value to be applied to image. Must not
|
||||
be empty when operator is 'add' or 'replace'. Defaults
|
||||
to empty and ignored when operator is 'remove'.
|
||||
type: string
|
||||
required:
|
||||
- component
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
plaintext:
|
||||
description: Plaintext represents override rules defined
|
||||
with plaintext overriders.
|
||||
items:
|
||||
description: PlaintextOverrider is a simple overrider
|
||||
that overrides target fields according to path, operator
|
||||
and value.
|
||||
properties:
|
||||
operator:
|
||||
description: 'Operator indicates the operation on
|
||||
target field. Available operators are: add, update
|
||||
and remove.'
|
||||
enum:
|
||||
- add
|
||||
- remove
|
||||
- replace
|
||||
type: string
|
||||
path:
|
||||
description: Path indicates the path of target field
|
||||
type: string
|
||||
value:
|
||||
description: Value to be applied to target field.
|
||||
Must be empty when operator is Remove.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
required:
|
||||
- operator
|
||||
- path
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
targetCluster:
|
||||
description: TargetCluster defines restrictions on this override
|
||||
policy that only applies to resources propagated to the matching
|
||||
clusters. nil means matching all clusters.
|
||||
properties:
|
||||
clusterNames:
|
||||
description: ClusterNames is the list of clusters to be
|
||||
selected.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
exclude:
|
||||
description: ExcludedClusters is the list of clusters to
|
||||
be ignored.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
fieldSelector:
|
||||
description: FieldSelector is a filter to select member
|
||||
clusters by fields. If non-nil and non-empty, only the
|
||||
clusters match this filter will be selected.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: A list of field selector requirements.
|
||||
items:
|
||||
description: A node selector requirement is a selector
|
||||
that contains values, a key, and an operator that
|
||||
relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: The label key that the selector applies
|
||||
to.
|
||||
type: string
|
||||
operator:
|
||||
description: Represents a key's relationship to
|
||||
a set of values. Valid operators are In, NotIn,
|
||||
Exists, DoesNotExist. Gt, and Lt.
|
||||
type: string
|
||||
values:
|
||||
description: An array of string values. If the
|
||||
operator is In or NotIn, the values array must
|
||||
be non-empty. If the operator is Exists or DoesNotExist,
|
||||
the values array must be empty. If the operator
|
||||
is Gt or Lt, the values array must have a single
|
||||
element, which will be interpreted as an integer.
|
||||
This array is replaced during a strategic merge
|
||||
patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
labelSelector:
|
||||
description: LabelSelector is a filter to select member
|
||||
clusters by labels. If non-nil and non-empty, only the
|
||||
clusters match this filter will be selected.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector
|
||||
requirements. The requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement is a selector
|
||||
that contains values, a key, and an operator that
|
||||
relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key that the selector
|
||||
applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a key's relationship
|
||||
to a set of values. Valid operators are In,
|
||||
NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of string values.
|
||||
If the operator is In or NotIn, the values array
|
||||
must be non-empty. If the operator is Exists
|
||||
or DoesNotExist, the values array must be empty.
|
||||
This array is replaced during a strategic merge
|
||||
patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value} pairs.
|
||||
A single {key,value} in the matchLabels map is equivalent
|
||||
to an element of matchExpressions, whose key field
|
||||
is "key", the operator is "In", and the values array
|
||||
contains only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- overriders
|
||||
type: object
|
||||
type: array
|
||||
overriders:
|
||||
description: Overriders represents the override rules that would apply
|
||||
on resources
|
||||
|
|
@ -359,8 +628,6 @@ spec:
|
|||
type: object
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- overriders
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
|
|
|
|||
|
|
@ -39,6 +39,275 @@ spec:
|
|||
spec:
|
||||
description: Spec represents the desired behavior of OverridePolicy.
|
||||
properties:
|
||||
overrideRules:
|
||||
description: OverrideRules defines a collection of override rules
|
||||
on target clusters.
|
||||
items:
|
||||
description: RuleWithCluster defines the override rules on clusters.
|
||||
properties:
|
||||
overriders:
|
||||
description: Overriders represents the override rules that would
|
||||
apply on resources
|
||||
properties:
|
||||
argsOverrider:
|
||||
description: ArgsOverrider represents the rules dedicated
|
||||
to handling container args
|
||||
items:
|
||||
description: CommandArgsOverrider represents the rules
|
||||
dedicated to handling command/args overrides.
|
||||
properties:
|
||||
containerName:
|
||||
description: The name of container
|
||||
type: string
|
||||
operator:
|
||||
description: Operator represents the operator which
|
||||
will apply on the command/args.
|
||||
enum:
|
||||
- add
|
||||
- remove
|
||||
type: string
|
||||
value:
|
||||
description: Value to be applied to command/args.
|
||||
Items in Value which will be appended after command/args
|
||||
when Operator is 'add'. Items in Value which match
|
||||
in command/args will be deleted when Operator is
|
||||
'remove'. If Value is empty, then the command/args
|
||||
will remain the same.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- containerName
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
commandOverrider:
|
||||
description: CommandOverrider represents the rules dedicated
|
||||
to handling container command
|
||||
items:
|
||||
description: CommandArgsOverrider represents the rules
|
||||
dedicated to handling command/args overrides.
|
||||
properties:
|
||||
containerName:
|
||||
description: The name of container
|
||||
type: string
|
||||
operator:
|
||||
description: Operator represents the operator which
|
||||
will apply on the command/args.
|
||||
enum:
|
||||
- add
|
||||
- remove
|
||||
type: string
|
||||
value:
|
||||
description: Value to be applied to command/args.
|
||||
Items in Value which will be appended after command/args
|
||||
when Operator is 'add'. Items in Value which match
|
||||
in command/args will be deleted when Operator is
|
||||
'remove'. If Value is empty, then the command/args
|
||||
will remain the same.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- containerName
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
imageOverrider:
|
||||
description: ImageOverrider represents the rules dedicated
|
||||
to handling image overrides.
|
||||
items:
|
||||
description: ImageOverrider represents the rules dedicated
|
||||
to handling image overrides.
|
||||
properties:
|
||||
component:
|
||||
description: 'Component is part of image name. Basically
|
||||
we presume an image can be made of ''[registry/]repository[:tag]''.
|
||||
The registry could be: - k8s.gcr.io - fictional.registry.example:10443
|
||||
The repository could be: - kube-apiserver - fictional/nginx
|
||||
The tag cloud be: - latest - v1.19.1 - @sha256:dbcc1c35ac38df41fd2f5e4130b32ffdb93ebae8b3dbe638c23575912276fc9c'
|
||||
enum:
|
||||
- Registry
|
||||
- Repository
|
||||
- Tag
|
||||
type: string
|
||||
operator:
|
||||
description: Operator represents the operator which
|
||||
will apply on the image.
|
||||
enum:
|
||||
- add
|
||||
- remove
|
||||
- replace
|
||||
type: string
|
||||
predicate:
|
||||
description: "Predicate filters images before applying
|
||||
the rule. \n Defaults to nil, in that case, the
|
||||
system will automatically detect image fields if
|
||||
the resource type is Pod, ReplicaSet, Deployment
|
||||
or StatefulSet by following rule: - Pod: spec/containers/<N>/image
|
||||
\ - ReplicaSet: spec/template/spec/containers/<N>/image
|
||||
\ - Deployment: spec/template/spec/containers/<N>/image
|
||||
\ - StatefulSet: spec/template/spec/containers/<N>/image
|
||||
In addition, all images will be processed if the
|
||||
resource object has more than one containers. \n
|
||||
If not nil, only images matches the filters will
|
||||
be processed."
|
||||
properties:
|
||||
path:
|
||||
description: Path indicates the path of target
|
||||
field
|
||||
type: string
|
||||
required:
|
||||
- path
|
||||
type: object
|
||||
value:
|
||||
description: Value to be applied to image. Must not
|
||||
be empty when operator is 'add' or 'replace'. Defaults
|
||||
to empty and ignored when operator is 'remove'.
|
||||
type: string
|
||||
required:
|
||||
- component
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
plaintext:
|
||||
description: Plaintext represents override rules defined
|
||||
with plaintext overriders.
|
||||
items:
|
||||
description: PlaintextOverrider is a simple overrider
|
||||
that overrides target fields according to path, operator
|
||||
and value.
|
||||
properties:
|
||||
operator:
|
||||
description: 'Operator indicates the operation on
|
||||
target field. Available operators are: add, update
|
||||
and remove.'
|
||||
enum:
|
||||
- add
|
||||
- remove
|
||||
- replace
|
||||
type: string
|
||||
path:
|
||||
description: Path indicates the path of target field
|
||||
type: string
|
||||
value:
|
||||
description: Value to be applied to target field.
|
||||
Must be empty when operator is Remove.
|
||||
x-kubernetes-preserve-unknown-fields: true
|
||||
required:
|
||||
- operator
|
||||
- path
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
targetCluster:
|
||||
description: TargetCluster defines restrictions on this override
|
||||
policy that only applies to resources propagated to the matching
|
||||
clusters. nil means matching all clusters.
|
||||
properties:
|
||||
clusterNames:
|
||||
description: ClusterNames is the list of clusters to be
|
||||
selected.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
exclude:
|
||||
description: ExcludedClusters is the list of clusters to
|
||||
be ignored.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
fieldSelector:
|
||||
description: FieldSelector is a filter to select member
|
||||
clusters by fields. If non-nil and non-empty, only the
|
||||
clusters match this filter will be selected.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: A list of field selector requirements.
|
||||
items:
|
||||
description: A node selector requirement is a selector
|
||||
that contains values, a key, and an operator that
|
||||
relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: The label key that the selector applies
|
||||
to.
|
||||
type: string
|
||||
operator:
|
||||
description: Represents a key's relationship to
|
||||
a set of values. Valid operators are In, NotIn,
|
||||
Exists, DoesNotExist. Gt, and Lt.
|
||||
type: string
|
||||
values:
|
||||
description: An array of string values. If the
|
||||
operator is In or NotIn, the values array must
|
||||
be non-empty. If the operator is Exists or DoesNotExist,
|
||||
the values array must be empty. If the operator
|
||||
is Gt or Lt, the values array must have a single
|
||||
element, which will be interpreted as an integer.
|
||||
This array is replaced during a strategic merge
|
||||
patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
type: object
|
||||
labelSelector:
|
||||
description: LabelSelector is a filter to select member
|
||||
clusters by labels. If non-nil and non-empty, only the
|
||||
clusters match this filter will be selected.
|
||||
properties:
|
||||
matchExpressions:
|
||||
description: matchExpressions is a list of label selector
|
||||
requirements. The requirements are ANDed.
|
||||
items:
|
||||
description: A label selector requirement is a selector
|
||||
that contains values, a key, and an operator that
|
||||
relates the key and values.
|
||||
properties:
|
||||
key:
|
||||
description: key is the label key that the selector
|
||||
applies to.
|
||||
type: string
|
||||
operator:
|
||||
description: operator represents a key's relationship
|
||||
to a set of values. Valid operators are In,
|
||||
NotIn, Exists and DoesNotExist.
|
||||
type: string
|
||||
values:
|
||||
description: values is an array of string values.
|
||||
If the operator is In or NotIn, the values array
|
||||
must be non-empty. If the operator is Exists
|
||||
or DoesNotExist, the values array must be empty.
|
||||
This array is replaced during a strategic merge
|
||||
patch.
|
||||
items:
|
||||
type: string
|
||||
type: array
|
||||
required:
|
||||
- key
|
||||
- operator
|
||||
type: object
|
||||
type: array
|
||||
matchLabels:
|
||||
additionalProperties:
|
||||
type: string
|
||||
description: matchLabels is a map of {key,value} pairs.
|
||||
A single {key,value} in the matchLabels map is equivalent
|
||||
to an element of matchExpressions, whose key field
|
||||
is "key", the operator is "In", and the values array
|
||||
contains only "value". The requirements are ANDed.
|
||||
type: object
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- overriders
|
||||
type: object
|
||||
type: array
|
||||
overriders:
|
||||
description: Overriders represents the override rules that would apply
|
||||
on resources
|
||||
|
|
@ -359,8 +628,6 @@ spec:
|
|||
type: object
|
||||
type: object
|
||||
type: object
|
||||
required:
|
||||
- overriders
|
||||
type: object
|
||||
required:
|
||||
- spec
|
||||
|
|
|
|||
|
|
@ -25,6 +25,23 @@ type OverrideSpec struct {
|
|||
// +optional
|
||||
ResourceSelectors []ResourceSelector `json:"resourceSelectors,omitempty"`
|
||||
|
||||
// OverrideRules defines a collection of override rules on target clusters.
|
||||
// +optional
|
||||
OverrideRules []RuleWithCluster `json:"overrideRules,omitempty"`
|
||||
|
||||
// TargetCluster defines restrictions on this override policy
|
||||
// that only applies to resources propagated to the matching clusters.
|
||||
// nil means matching all clusters.
|
||||
// +optional
|
||||
TargetCluster *ClusterAffinity `json:"targetCluster,omitempty"`
|
||||
|
||||
// Overriders represents the override rules that would apply on resources
|
||||
// +optional
|
||||
Overriders Overriders `json:"overriders"`
|
||||
}
|
||||
|
||||
// RuleWithCluster defines the override rules on clusters.
|
||||
type RuleWithCluster struct {
|
||||
// TargetCluster defines restrictions on this override policy
|
||||
// that only applies to resources propagated to the matching clusters.
|
||||
// nil means matching all clusters.
|
||||
|
|
|
|||
|
|
@ -340,6 +340,13 @@ func (in *OverrideSpec) DeepCopyInto(out *OverrideSpec) {
|
|||
(*in)[i].DeepCopyInto(&(*out)[i])
|
||||
}
|
||||
}
|
||||
if in.OverrideRules != nil {
|
||||
in, out := &in.OverrideRules, &out.OverrideRules
|
||||
*out = make([]RuleWithCluster, len(*in))
|
||||
for i := range *in {
|
||||
(*in)[i].DeepCopyInto(&(*out)[i])
|
||||
}
|
||||
}
|
||||
if in.TargetCluster != nil {
|
||||
in, out := &in.TargetCluster, &out.TargetCluster
|
||||
*out = new(ClusterAffinity)
|
||||
|
|
@ -673,6 +680,28 @@ func (in *ResourceSelector) DeepCopy() *ResourceSelector {
|
|||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *RuleWithCluster) DeepCopyInto(out *RuleWithCluster) {
|
||||
*out = *in
|
||||
if in.TargetCluster != nil {
|
||||
in, out := &in.TargetCluster, &out.TargetCluster
|
||||
*out = new(ClusterAffinity)
|
||||
(*in).DeepCopyInto(*out)
|
||||
}
|
||||
in.Overriders.DeepCopyInto(&out.Overriders)
|
||||
return
|
||||
}
|
||||
|
||||
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleWithCluster.
|
||||
func (in *RuleWithCluster) DeepCopy() *RuleWithCluster {
|
||||
if in == nil {
|
||||
return nil
|
||||
}
|
||||
out := new(RuleWithCluster)
|
||||
in.DeepCopyInto(out)
|
||||
return out
|
||||
}
|
||||
|
||||
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
|
||||
func (in *SpreadConstraint) DeepCopyInto(out *SpreadConstraint) {
|
||||
*out = *in
|
||||
|
|
|
|||
Loading…
Reference in New Issue