diff --git a/charts/Chart.yaml b/charts/Chart.yaml index 77622df5f..897fd0799 100644 --- a/charts/Chart.yaml +++ b/charts/Chart.yaml @@ -20,7 +20,7 @@ kubeVersion: ">=1.16.0" # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.2 +version: 0.0.3 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/_crds/bases/policy.karmada.io_clusteroverridepolicies.yaml b/charts/_crds/bases/policy.karmada.io_clusteroverridepolicies.yaml index 02b926874..d20633dc2 100644 --- a/charts/_crds/bases/policy.karmada.io_clusteroverridepolicies.yaml +++ b/charts/_crds/bases/policy.karmada.io_clusteroverridepolicies.yaml 
@@ -39,6 +39,275 @@ spec: spec: description: Spec represents the desired behavior of ClusterOverridePolicy. properties: + overrideRules: + description: OverrideRules defines a collection of override rules + on target clusters. + items: + description: RuleWithCluster defines the override rules on clusters. + properties: + overriders: + description: Overriders represents the override rules that would + apply on resources + properties: + argsOverrider: + description: ArgsOverrider represents the rules dedicated + to handling container args + items: + description: CommandArgsOverrider represents the rules + dedicated to handling command/args overrides. + properties: + containerName: + description: The name of container + type: string + operator: + description: Operator represents the operator which + will apply on the command/args. + enum: + - add + - remove + type: string + value: + description: Value to be applied to command/args. + Items in Value which will be appended after command/args + when Operator is 'add'. Items in Value which match + in command/args will be deleted when Operator is + 'remove'. If Value is empty, then the command/args + will remain the same. + items: + type: string + type: array + required: + - containerName + - operator + type: object + type: array + commandOverrider: + description: CommandOverrider represents the rules dedicated + to handling container command + items: + description: CommandArgsOverrider represents the rules + dedicated to handling command/args overrides. + properties: + containerName: + description: The name of container + type: string + operator: + description: Operator represents the operator which + will apply on the command/args. + enum: + - add + - remove + type: string + value: + description: Value to be applied to command/args. + Items in Value which will be appended after command/args + when Operator is 'add'. Items in Value which match + in command/args will be deleted when Operator is + 'remove'. 
If Value is empty, then the command/args + will remain the same. + items: + type: string + type: array + required: + - containerName + - operator + type: object + type: array + imageOverrider: + description: ImageOverrider represents the rules dedicated + to handling image overrides. + items: + description: ImageOverrider represents the rules dedicated + to handling image overrides. + properties: + component: + description: 'Component is part of image name. Basically + we presume an image can be made of ''[registry/]repository[:tag]''. + The registry could be: - k8s.gcr.io - fictional.registry.example:10443 + The repository could be: - kube-apiserver - fictional/nginx + The tag cloud be: - latest - v1.19.1 - @sha256:dbcc1c35ac38df41fd2f5e4130b32ffdb93ebae8b3dbe638c23575912276fc9c' + enum: + - Registry + - Repository + - Tag + type: string + operator: + description: Operator represents the operator which + will apply on the image. + enum: + - add + - remove + - replace + type: string + predicate: + description: "Predicate filters images before applying + the rule. \n Defaults to nil, in that case, the + system will automatically detect image fields if + the resource type is Pod, ReplicaSet, Deployment + or StatefulSet by following rule: - Pod: spec/containers//image + \ - ReplicaSet: spec/template/spec/containers//image + \ - Deployment: spec/template/spec/containers//image + \ - StatefulSet: spec/template/spec/containers//image + In addition, all images will be processed if the + resource object has more than one containers. \n + If not nil, only images matches the filters will + be processed." + properties: + path: + description: Path indicates the path of target + field + type: string + required: + - path + type: object + value: + description: Value to be applied to image. Must not + be empty when operator is 'add' or 'replace'. Defaults + to empty and ignored when operator is 'remove'. 
+ type: string + required: + - component + - operator + type: object + type: array + plaintext: + description: Plaintext represents override rules defined + with plaintext overriders. + items: + description: PlaintextOverrider is a simple overrider + that overrides target fields according to path, operator + and value. + properties: + operator: + description: 'Operator indicates the operation on + target field. Available operators are: add, update + and remove.' + enum: + - add + - remove + - replace + type: string + path: + description: Path indicates the path of target field + type: string + value: + description: Value to be applied to target field. + Must be empty when operator is Remove. + x-kubernetes-preserve-unknown-fields: true + required: + - operator + - path + type: object + type: array + type: object + targetCluster: + description: TargetCluster defines restrictions on this override + policy that only applies to resources propagated to the matching + clusters. nil means matching all clusters. + properties: + clusterNames: + description: ClusterNames is the list of clusters to be + selected. + items: + type: string + type: array + exclude: + description: ExcludedClusters is the list of clusters to + be ignored. + items: + type: string + type: array + fieldSelector: + description: FieldSelector is a filter to select member + clusters by fields. If non-nil and non-empty, only the + clusters match this filter will be selected. + properties: + matchExpressions: + description: A list of field selector requirements. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: Represents a key's relationship to + a set of values. Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a single + element, which will be interpreted as an integer. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + labelSelector: + description: LabelSelector is a filter to select member + clusters by labels. If non-nil and non-empty, only the + clusters match this filter will be selected. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. 
+ type: object + type: object + type: object + required: + - overriders + type: object + type: array overriders: description: Overriders represents the override rules that would apply on resources @@ -359,8 +628,6 @@ spec: type: object type: object type: object - required: - - overriders type: object required: - spec diff --git a/charts/_crds/bases/policy.karmada.io_overridepolicies.yaml b/charts/_crds/bases/policy.karmada.io_overridepolicies.yaml index 892c516f9..1b19dc8be 100644 --- a/charts/_crds/bases/policy.karmada.io_overridepolicies.yaml +++ b/charts/_crds/bases/policy.karmada.io_overridepolicies.yaml 
@@ -39,6 +39,275 @@ spec: spec: description: Spec represents the desired behavior of OverridePolicy. properties: + overrideRules: + description: OverrideRules defines a collection of override rules + on target clusters. + items: + description: RuleWithCluster defines the override rules on clusters. + properties: + overriders: + description: Overriders represents the override rules that would + apply on resources + properties: + argsOverrider: + description: ArgsOverrider represents the rules dedicated + to handling container args + items: + description: CommandArgsOverrider represents the rules + dedicated to handling command/args overrides. + properties: + containerName: + description: The name of container + type: string + operator: + description: Operator represents the operator which + will apply on the command/args. + enum: + - add + - remove + type: string + value: + description: Value to be applied to command/args. + Items in Value which will be appended after command/args + when Operator is 'add'. Items in Value which match + in command/args will be deleted when Operator is + 'remove'. If Value is empty, then the command/args + will remain the same. + items: + type: string + type: array + required: + - containerName + - operator + type: object + type: array + commandOverrider: + description: CommandOverrider represents the rules dedicated + to handling container command + items: + description: CommandArgsOverrider represents the rules + dedicated to handling command/args overrides. + properties: + containerName: + description: The name of container + type: string + operator: + description: Operator represents the operator which + will apply on the command/args. + enum: + - add + - remove + type: string + value: + description: Value to be applied to command/args. + Items in Value which will be appended after command/args + when Operator is 'add'. Items in Value which match + in command/args will be deleted when Operator is + 'remove'. 
If Value is empty, then the command/args + will remain the same. + items: + type: string + type: array + required: + - containerName + - operator + type: object + type: array + imageOverrider: + description: ImageOverrider represents the rules dedicated + to handling image overrides. + items: + description: ImageOverrider represents the rules dedicated + to handling image overrides. + properties: + component: + description: 'Component is part of image name. Basically + we presume an image can be made of ''[registry/]repository[:tag]''. + The registry could be: - k8s.gcr.io - fictional.registry.example:10443 + The repository could be: - kube-apiserver - fictional/nginx + The tag cloud be: - latest - v1.19.1 - @sha256:dbcc1c35ac38df41fd2f5e4130b32ffdb93ebae8b3dbe638c23575912276fc9c' + enum: + - Registry + - Repository + - Tag + type: string + operator: + description: Operator represents the operator which + will apply on the image. + enum: + - add + - remove + - replace + type: string + predicate: + description: "Predicate filters images before applying + the rule. \n Defaults to nil, in that case, the + system will automatically detect image fields if + the resource type is Pod, ReplicaSet, Deployment + or StatefulSet by following rule: - Pod: spec/containers//image + \ - ReplicaSet: spec/template/spec/containers//image + \ - Deployment: spec/template/spec/containers//image + \ - StatefulSet: spec/template/spec/containers//image + In addition, all images will be processed if the + resource object has more than one containers. \n + If not nil, only images matches the filters will + be processed." + properties: + path: + description: Path indicates the path of target + field + type: string + required: + - path + type: object + value: + description: Value to be applied to image. Must not + be empty when operator is 'add' or 'replace'. Defaults + to empty and ignored when operator is 'remove'. 
+ type: string + required: + - component + - operator + type: object + type: array + plaintext: + description: Plaintext represents override rules defined + with plaintext overriders. + items: + description: PlaintextOverrider is a simple overrider + that overrides target fields according to path, operator + and value. + properties: + operator: + description: 'Operator indicates the operation on + target field. Available operators are: add, update + and remove.' + enum: + - add + - remove + - replace + type: string + path: + description: Path indicates the path of target field + type: string + value: + description: Value to be applied to target field. + Must be empty when operator is Remove. + x-kubernetes-preserve-unknown-fields: true + required: + - operator + - path + type: object + type: array + type: object + targetCluster: + description: TargetCluster defines restrictions on this override + policy that only applies to resources propagated to the matching + clusters. nil means matching all clusters. + properties: + clusterNames: + description: ClusterNames is the list of clusters to be + selected. + items: + type: string + type: array + exclude: + description: ExcludedClusters is the list of clusters to + be ignored. + items: + type: string + type: array + fieldSelector: + description: FieldSelector is a filter to select member + clusters by fields. If non-nil and non-empty, only the + clusters match this filter will be selected. + properties: + matchExpressions: + description: A list of field selector requirements. + items: + description: A node selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: The label key that the selector applies + to. + type: string + operator: + description: Represents a key's relationship to + a set of values. Valid operators are In, NotIn, + Exists, DoesNotExist. Gt, and Lt. 
+ type: string + values: + description: An array of string values. If the + operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. If the operator + is Gt or Lt, the values array must have a single + element, which will be interpreted as an integer. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + type: object + labelSelector: + description: LabelSelector is a filter to select member + clusters by labels. If non-nil and non-empty, only the + clusters match this filter will be selected. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. 
+ type: object + type: object + type: object + required: + - overriders + type: object + type: array overriders: description: Overriders represents the override rules that would apply on resources @@ -359,8 +628,6 @@ spec: type: object type: object type: object - required: - - overriders type: object required: - spec diff --git a/pkg/apis/policy/v1alpha1/override_types.go b/pkg/apis/policy/v1alpha1/override_types.go index 85bf73ad4..1e4660dd7 100644 --- a/pkg/apis/policy/v1alpha1/override_types.go +++ b/pkg/apis/policy/v1alpha1/override_types.go @@ -25,6 +25,23 @@ type OverrideSpec struct { // +optional ResourceSelectors []ResourceSelector `json:"resourceSelectors,omitempty"` + // OverrideRules defines a collection of override rules on target clusters. + // +optional + OverrideRules []RuleWithCluster `json:"overrideRules,omitempty"` + + // TargetCluster defines restrictions on this override policy + // that only applies to resources propagated to the matching clusters. + // nil means matching all clusters. + // +optional + TargetCluster *ClusterAffinity `json:"targetCluster,omitempty"` + + // Overriders represents the override rules that would apply on resources + // +optional + Overriders Overriders `json:"overriders"` +} + +// RuleWithCluster defines the override rules on clusters. +type RuleWithCluster struct { // TargetCluster defines restrictions on this override policy // that only applies to resources propagated to the matching clusters. // nil means matching all clusters. diff --git a/pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go b/pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go index 60c8fee54..9208d90ac 100644 --- a/pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go +++ b/pkg/apis/policy/v1alpha1/zz_generated.deepcopy.go 
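Review bot: In `OverrideSpec` (pkg/apis/policy/v1alpha1/override_types.go), the new `OverrideRules` sits beside the retained top-level `TargetCluster` and `Overriders`, all three marked `+optional`, and no doc comment says which applies when a policy sets both forms or that the top-level pair is the older one. These overriders rewrite images, commands and args on member clusters, and a nil `TargetCluster` matches all clusters, so the precedence belongs in the API comments rather than only in controller behaviour. If the top-level pair is meant to be superseded, I would add `// Deprecated: use OverrideRules instead.` to both fields, plus a sentence on `OverrideRules` stating how it combines with them. The CRD hunks in this commit also drop `required: - overriders` from spec, so a policy with neither `overrideRules` nor `overriders` now passes schema validation; if that is not intended, it presumably needs a validating-webhook check that rejects an empty policy (and possibly one that sets both forms), which is not visible in this diff. The `RuleWithCluster` struct body continues outside the hunk.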
@@ -340,6 +340,13 @@ func (in *OverrideSpec) DeepCopyInto(out *OverrideSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } + if in.OverrideRules != nil { + in, out := &in.OverrideRules, &out.OverrideRules + *out = make([]RuleWithCluster, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.TargetCluster != nil { in, out := &in.TargetCluster, &out.TargetCluster *out = new(ClusterAffinity) @@ -673,6 +680,28 @@ func (in *ResourceSelector) DeepCopy() *ResourceSelector { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RuleWithCluster) DeepCopyInto(out *RuleWithCluster) { + *out = *in + if in.TargetCluster != nil { + in, out := &in.TargetCluster, &out.TargetCluster + *out = new(ClusterAffinity) + (*in).DeepCopyInto(*out) + } + in.Overriders.DeepCopyInto(&out.Overriders) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RuleWithCluster. +func (in *RuleWithCluster) DeepCopy() *RuleWithCluster { + if in == nil { + return nil + } + out := new(RuleWithCluster) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SpreadConstraint) DeepCopyInto(out *SpreadConstraint) { *out = *in