admin/kubesphere
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: kubesphere 4.0 (#6115)

Browse Source 
* feat: kubesphere 4.0

Signed-off-by: ci-bot <ci-bot@kubesphere.io>

* feat: kubesphere 4.0

Signed-off-by: ci-bot <ci-bot@kubesphere.io>

---------

Signed-off-by: ci-bot <ci-bot@kubesphere.io>
Co-authored-by: ks-ci-bot <ks-ci-bot@example.com>
Co-authored-by: joyceliu <joyceliu@yunify.com>
This commit is contained in:
KubeSphere CI Bot
2024-09-06 11:05:52 +08:00
committed by GitHub
parent b5015ec7b9
commit 447a51f08b
8557 changed files with 546695 additions and 1146174 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
config/ks-core/charts/ks-crds/.helmignore Normal file
View File

@@ -0,0 +1,23 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*.orig
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

24
config/ks-core/charts/ks-crds/Chart.yaml Normal file
View File

@@ -0,0 +1,24 @@
apiVersion: v2
name: ks-crds
description: A Helm chart for KS's CustomResourceDefinition
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.0.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "v4.1.0"

534
config/ks-core/charts/ks-crds/crds/app.k8s.io_applications.yaml Normal file
View File

@@ -0,0 +1,534 @@
# Copyright 2020 The Kubernetes Authors.
# SPDX-License-Identifier: Apache-2.0
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
api-approved.kubernetes.io: https://github.com/kubernetes-sigs/application/pull/2
controller-gen.kubebuilder.io/version: v0.4.0
labels:
kubesphere.io/resource-served: 'true'
creationTimestamp: null
name: applications.app.k8s.io
spec:
group: app.k8s.io
names:
categories:
- all
kind: Application
listKind: ApplicationList
plural: applications
shortNames:
- app
singular: application
scope: Namespaced
versions:
- additionalPrinterColumns:
- description: The type of the application
jsonPath: .spec.descriptor.type
name: Type
type: string
- description: The creation date
jsonPath: .spec.descriptor.version
name: Version
type: string
- description: The application object owns the matched resources
jsonPath: .spec.addOwnerRef
name: Owner
type: boolean
- description: Numbers of components ready
jsonPath: .status.componentsReady
name: Ready
type: string
- description: The creation date
jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1beta1
schema:
openAPIV3Schema:
description: Application is the Schema for the applications API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
metadata:
type: object
spec:
description: ApplicationSpec defines the specification for an Application.
properties:
addOwnerRef:
description: AddOwnerRef objects - flag to indicate if we need to
add OwnerRefs to matching objects Matching is done by using Selector
to query all ComponentGroupKinds
type: boolean
assemblyPhase:
description: AssemblyPhase represents the current phase of the application's
assembly. An empty value is equivalent to "Succeeded".
type: string
componentKinds:
description: ComponentGroupKinds is a list of Kinds for Application's
components (e.g. Deployments, Pods, Services, CRDs). It can be used
in conjunction with the Application's Selector to list or watch
the Applications components.
items:
description: GroupKind specifies a Group and a Kind, but does not
force a version. This is useful for identifying concepts during
lookup stages without having partially valid types
properties:
group:
type: string
kind:
type: string
required:
- group
- kind
type: object
type: array
descriptor:
description: Descriptor regroups information and metadata about an
application.
properties:
description:
description: Description is a brief string description of the
Application.
type: string
icons:
description: Icons is an optional list of icons for an application.
Icon information includes the source, size, and mime type.
items:
description: ImageSpec contains information about an image used
as an icon.
properties:
size:
description: (optional) The size of the image in pixels
(e.g., 25x25).
type: string
src:
description: The source for image represented as either
an absolute URL to the image or a Data URL containing
the image. Data URLs are defined in RFC 2397.
type: string
type:
description: (optional) The mine type of the image (e.g.,
"image/png").
type: string
required:
- src
type: object
type: array
keywords:
description: Keywords is an optional list of key words associated
with the application (e.g. MySQL, RDBMS, database).
items:
type: string
type: array
links:
description: Links are a list of descriptive URLs intended to
be used to surface additional documentation, dashboards, etc.
items:
description: Link contains information about an URL to surface
documentation, dashboards, etc.
properties:
description:
description: Description is human readable content explaining
the purpose of the link.
type: string
url:
description: Url typically points at a website address.
type: string
type: object
type: array
maintainers:
description: Maintainers is an optional list of maintainers of
the application. The maintainers in this list maintain the the
source code, images, and package for the application.
items:
description: ContactData contains information about an individual
or organization.
properties:
email:
description: Email is the email address.
type: string
name:
description: Name is the descriptive name.
type: string
url:
description: Url could typically be a website address.
type: string
type: object
type: array
notes:
description: Notes contain a human readable snippets intended
as a quick start for the users of the Application. CommonMark
markdown syntax may be used for rich text representation.
type: string
owners:
description: Owners is an optional list of the owners of the installed
application. The owners of the application should be contacted
in the event of a planned or unplanned disruption affecting
the application.
items:
description: ContactData contains information about an individual
or organization.
properties:
email:
description: Email is the email address.
type: string
name:
description: Name is the descriptive name.
type: string
url:
description: Url could typically be a website address.
type: string
type: object
type: array
type:
description: Type is the type of the application (e.g. WordPress,
MySQL, Cassandra).
type: string
version:
description: Version is an optional version indicator for the
Application.
type: string
type: object
info:
description: Info contains human readable key,value pairs for the
Application.
items:
description: InfoItem is a human readable key,value pair containing
important information about how to access the Application.
properties:
name:
description: Name is a human readable title for this piece of
information.
type: string
type:
description: Type of the value for this InfoItem.
type: string
value:
description: Value is human readable content.
type: string
valueFrom:
description: ValueFrom defines a reference to derive the value
from another source.
properties:
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead
of an entire object, this string should contain a
valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container
that triggered the event) or if no container name
is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to
have some well-defined way of referencing a part of
an object. TODO: this design is not final and this
field is subject to change in the future.'
type: string
key:
description: The key to select.
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this
reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
ingressRef:
description: Select an Ingress.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead
of an entire object, this string should contain a
valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container
that triggered the event) or if no container name
is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to
have some well-defined way of referencing a part of
an object. TODO: this design is not final and this
field is subject to change in the future.'
type: string
host:
description: The optional host to select.
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
path:
description: The optional HTTP path.
type: string
protocol:
description: Protocol for the ingress
type: string
resourceVersion:
description: 'Specific resourceVersion to which this
reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
secretKeyRef:
description: Selects a key of a Secret.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead
of an entire object, this string should contain a
valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container
that triggered the event) or if no container name
is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to
have some well-defined way of referencing a part of
an object. TODO: this design is not final and this
field is subject to change in the future.'
type: string
key:
description: The key to select.
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
resourceVersion:
description: 'Specific resourceVersion to which this
reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
serviceRef:
description: Select a Service.
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: 'If referring to a piece of an object instead
of an entire object, this string should contain a
valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container
within a pod, this would take on a value like: "spec.containers{name}"
(where "name" refers to the name of the container
that triggered the event) or if no container name
is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to
have some well-defined way of referencing a part of
an object. TODO: this design is not final and this
field is subject to change in the future.'
type: string
kind:
description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
type: string
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
type: string
namespace:
description: 'Namespace of the referent. More info:
https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
type: string
path:
description: The optional HTTP path.
type: string
port:
description: The optional port to select.
format: int32
type: integer
protocol:
description: Protocol for the service
type: string
resourceVersion:
description: 'Specific resourceVersion to which this
reference is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
type: string
uid:
description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
type: string
type: object
type:
description: Type of source.
type: string
type: object
type: object
type: array
selector:
description: 'Selector is a label query over kinds that created by
the application. It must match the component objects'' labels. More
info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors'
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: A label selector requirement is a selector that
contains values, a key, and an operator that relates the key
and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: operator represents a key's relationship to
a set of values. Valid operators are In, NotIn, Exists
and DoesNotExist.
type: string
values:
description: values is an array of string values. If the
operator is In or NotIn, the values array must be non-empty.
If the operator is Exists or DoesNotExist, the values
array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: matchLabels is a map of {key,value} pairs. A single
{key,value} in the matchLabels map is equivalent to an element
of matchExpressions, whose key field is "key", the operator
is "In", and the values array contains only "value". The requirements
are ANDed.
type: object
type: object
type: object
status:
description: ApplicationStatus defines controller's the observed state
of Application
properties:
components:
description: Object status array for all matching objects
items:
description: ObjectStatus is a generic status holder for objects
properties:
group:
description: Object group
type: string
kind:
description: Kind of object
type: string
link:
description: Link to object
type: string
name:
description: Name of object
type: string
status:
description: 'Status. Values: InProgress, Ready, Unknown'
type: string
type: object
type: array
componentsReady:
description: 'ComponentsReady: status of the components in the format
ready/total'
type: string
conditions:
description: Conditions represents the latest state of the object
items:
description: Condition describes the state of an object at a certain
point.
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
lastUpdateTime:
description: Last time the condition was probed
format: date-time
type: string
message:
description: A human readable message indicating details about
the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of condition.
type: string
required:
- status
- type
type: object
type: array
observedGeneration:
description: ObservedGeneration is the most recent generation observed.
It corresponds to the Object's generation, which is updated on mutation
by the API Server.
format: int64
type: integer
type: object
type: object
served: true
storage: true
subresources:
status: {}
status:
acceptedNames:
kind: ""
plural: ""
conditions: []
storedVersions: []

115
config/ks-core/charts/ks-crds/crds/application.kubesphere.io_applicationreleases.yaml Normal file
View File

@@ -0,0 +1,115 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: applicationreleases.application.kubesphere.io
spec:
group: application.kubesphere.io
names:
kind: ApplicationRelease
listKind: ApplicationReleaseList
plural: applicationreleases
shortNames:
- apprls
singular: applicationrelease
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.labels.kubesphere\.io/workspace
name: workspace
type: string
- jsonPath: .metadata.labels.application\.kubesphere\.io/app-id
name: app
type: string
- jsonPath: .metadata.labels.application\.kubesphere\.io/appversion-id
name: appversion
type: string
- jsonPath: .spec.appType
name: appType
type: string
- jsonPath: .metadata.labels.kubesphere\.io/cluster
name: Cluster
type: string
- jsonPath: .metadata.labels.kubesphere\.io/namespace
name: Namespace
type: string
- jsonPath: .status.state
name: State
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v2
schema:
openAPIV3Schema:
description: ApplicationRelease is the Schema for the applicationreleases
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ApplicationReleaseSpec defines the desired state of ApplicationRelease
properties:
appID:
type: string
appType:
type: string
appVersionID:
type: string
values:
format: byte
type: string
required:
- appID
- appVersionID
type: object
status:
description: ApplicationReleaseStatus defines the observed state of ApplicationRelease
properties:
installJobName:
type: string
lastUpdate:
format: date-time
type: string
message:
type: string
realTimeResources:
items:
description: |-
RawMessage is a raw encoded JSON value.
It implements Marshaler and Unmarshaler and can
be used to delay JSON decoding or precompute a JSON encoding.
format: byte
type: string
type: array
specHash:
type: string
state:
type: string
uninstallJobName:
type: string
required:
- state
type: object
type: object
served: true
storage: true
subresources:
status: {}

107
config/ks-core/charts/ks-crds/crds/application.kubesphere.io_applications.yaml Normal file
View File

@@ -0,0 +1,107 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: applications.application.kubesphere.io
spec:
group: application.kubesphere.io
names:
kind: Application
listKind: ApplicationList
plural: applications
shortNames:
- app
singular: application
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.labels.application\.kubesphere\.io/repo-name
name: repo
type: string
- jsonPath: .metadata.labels.kubesphere\.io/workspace
name: workspace
type: string
- jsonPath: .spec.appType
name: appType
type: string
- jsonPath: .status.state
name: State
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v2
schema:
openAPIV3Schema:
description: Application is the Schema for the applications API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ApplicationSpec defines the desired state of Application
properties:
abstraction:
type: string
appHome:
type: string
appType:
type: string
attachments:
items:
type: string
type: array
icon:
type: string
resources:
items:
properties:
Desc:
type: string
Group:
type: string
Name:
type: string
ParentNode:
type: string
Resource:
type: string
Version:
type: string
type: object
type: array
type: object
status:
description: ApplicationStatus defines the observed state of Application
properties:
state:
description: 'the state of the helm application: draft, submitted,
passed, rejected, suspended, active'
type: string
updateTime:
format: date-time
type: string
required:
- updateTime
type: object
type: object
served: true
storage: true
subresources:
status: {}

111
config/ks-core/charts/ks-crds/crds/application.kubesphere.io_applicationversions.yaml Normal file
View File

@@ -0,0 +1,111 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: applicationversions.application.kubesphere.io
spec:
group: application.kubesphere.io
names:
kind: ApplicationVersion
listKind: ApplicationVersionList
plural: applicationversions
shortNames:
- appver
singular: applicationversion
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.labels.application\.kubesphere\.io/repo-name
name: repo
type: string
- jsonPath: .metadata.labels.kubesphere\.io/workspace
name: workspace
type: string
- jsonPath: .metadata.labels.application\.kubesphere\.io/app-id
name: app
type: string
- jsonPath: .spec.appType
name: appType
type: string
- jsonPath: .status.state
name: State
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v2
schema:
openAPIV3Schema:
description: ApplicationVersion is the Schema for the applicationversions
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ApplicationVersionSpec defines the desired state of ApplicationVersion
properties:
appHome:
type: string
appType:
type: string
created:
format: date-time
type: string
digest:
type: string
icon:
type: string
maintainer:
items:
description: Maintainer describes a Chart maintainer.
properties:
email:
type: string
name:
type: string
url:
type: string
type: object
type: array
pullUrl:
type: string
versionName:
type: string
required:
- versionName
type: object
status:
description: ApplicationVersionStatus defines the observed state of ApplicationVersion
properties:
message:
type: string
state:
type: string
updated:
format: date-time
type: string
userName:
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}

65
config/ks-core/charts/ks-crds/crds/application.kubesphere.io_categories.yaml Normal file
View File

@@ -0,0 +1,65 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: categories.application.kubesphere.io
spec:
group: application.kubesphere.io
names:
kind: Category
listKind: CategoryList
plural: categories
shortNames:
- appctg
singular: category
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .status.total
name: total
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v2
schema:
openAPIV3Schema:
description: Category is the Schema for the categories API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: CategorySpec defines the desired state of HelmRepo
properties:
icon:
type: string
type: object
status:
properties:
total:
type: integer
required:
- total
type: object
type: object
served: true
storage: true
subresources:
status: {}

103
config/ks-core/charts/ks-crds/crds/application.kubesphere.io_repos.yaml Normal file
View File

@@ -0,0 +1,103 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: repos.application.kubesphere.io
spec:
group: application.kubesphere.io
names:
kind: Repo
listKind: RepoList
plural: repos
shortNames:
- repo
singular: repo
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.labels.kubesphere\.io/workspace
name: Workspace
type: string
- jsonPath: .spec.url
name: url
type: string
- jsonPath: .status.state
name: State
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v2
schema:
openAPIV3Schema:
description: Repo is the Schema for the repoes API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: RepoSpec defines the desired state of Repo
properties:
credential:
properties:
caFile:
description: verify certificates of HTTPS-enabled servers using
this CA bundle
type: string
certFile:
description: identify HTTPS client using this SSL certificate
file
type: string
insecureSkipTLSVerify:
description: skip tls certificate checks for the repository, default
is ture
type: boolean
keyFile:
description: identify HTTPS client using this SSL key file
type: string
password:
description: chart repository password
type: string
username:
description: chart repository username
type: string
type: object
description:
type: string
syncPeriod:
type: integer
url:
type: string
required:
- url
type: object
status:
description: RepoStatus defines the observed state of Repo
properties:
lastUpdateTime:
format: date-time
type: string
state:
type: string
type: object
type: object
served: true
storage: true
subresources:
status: {}

195
config/ks-core/charts/ks-crds/crds/cluster.kubesphere.io_clusters.yaml Normal file
View File

@@ -0,0 +1,195 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: clusters.cluster.kubesphere.io
spec:
group: cluster.kubesphere.io
names:
kind: Cluster
listKind: ClusterList
plural: clusters
singular: cluster
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.provider
name: Provider
type: string
- jsonPath: .status.kubernetesVersion
name: Version
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: Cluster is the schema for the clusters API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
config:
description: Config represents the custom helm chart values used when
installing the cluster
format: byte
type: string
connection:
description: Connection holds info to connect to the member cluster
properties:
externalKubernetesAPIEndpoint:
description: |-
External Kubernetes API Server endpoint
Will be populated by ks-apiserver if connection type is proxy and ExternalKubeAPIEnabled is true.
type: string
kubeconfig:
description: |-
KubeConfig content used to connect to cluster api server
Should provide this field explicitly if connection type is direct.
Will be populated by ks-proxy if connection type is proxy.
format: byte
type: string
kubernetesAPIEndpoint:
description: |-
Kubernetes API Server endpoint. Example: https://10.10.0.1:6443
Should provide this field explicitly if connection type is direct.
Will be populated by ks-apiserver if connection type is proxy.
type: string
kubernetesAPIServerPort:
description: |-
KubeAPIServerPort is the port which listens for forwarding kube-apiserver traffic
Only applicable when connection type is proxy.
type: integer
kubesphereAPIEndpoint:
description: |-
KubeSphere API Server endpoint. Example: http://10.10.0.11:8080
Should provide this field explicitly if connection type is direct.
Will be populated by ks-apiserver if connection type is proxy.
type: string
kubesphereAPIServerPort:
description: |-
KubeSphereAPIServerPort is the port which listens for forwarding kubesphere apigateway traffic
Only applicable when connection type is proxy.
type: integer
token:
description: |-
Token used by agents of member cluster to connect to host cluster proxy.
This field is populated by apiserver only if connection type is proxy.
type: string
type:
description: |-
type defines how host cluster will connect to host cluster
ConnectionTypeDirect means direct connection, this requires
kubeconfig and kubesphere apiserver endpoint provided
ConnectionTypeProxy means using kubesphere proxy, no kubeconfig
or kubesphere apiserver endpoint required
type: string
type: object
enable:
description: |-
Desired state of the cluster
Deprecated: will be removed in the next version.
type: boolean
externalKubeAPIEnabled:
description: ExternalKubeAPIEnabled export kube-apiserver to public
use a lb type service if connection type is proxy
type: boolean
joinFederation:
description: |-
Join cluster as a kubefed cluster
Deprecated: will be removed in the next version.
type: boolean
provider:
description: Provider of the cluster, this field is just for description
type: string
type: object
status:
properties:
conditions:
description: Represents the latest available observations of a cluster's
current state.
items:
properties:
lastTransitionTime:
description: Last time the condition transitioned from one status
to another.
format: date-time
type: string
lastUpdateTime:
description: The last time this condition was updated.
format: date-time
type: string
message:
description: A human-readable message indicating details about
the transition.
type: string
reason:
description: The reason for the condition's last transition.
type: string
status:
description: Status of the condition, one of True, False, Unknown.
type: string
type:
description: Type of the condition
type: string
required:
- status
- type
type: object
type: array
configz:
additionalProperties:
type: boolean
description: |-
Configz is status of components enabled in the member cluster. This is synchronized with member cluster
every amount of time, like 5 minutes.
Deprecated: this field will be removed in the future version.
type: object
kubeSphereVersion:
description: GitVersion of the /kapis/version api response, this field
is populated by cluster controller
type: string
kubernetesVersion:
description: GitVersion of the kubernetes cluster, this field is populated
by cluster controller
type: string
nodeCount:
description: |-
Count of the kubernetes cluster nodes
This field may not reflect the instant status of the cluster.
type: integer
region:
description: Region is the name of the region in which all of the
nodes in the cluster exist. e.g. 'us-east1'.
type: string
uid:
description: UID is the kube-system namespace UID of the cluster,
which represents the unique ID of the cluster.
type: string
zones:
description: Zones are the names of availability zones in which the
nodes of the cluster exist, e.g. 'us-east1-a'.
items:
type: string
type: array
type: object
type: object
served: true
storage: true
subresources: {}

66
config/ks-core/charts/ks-crds/crds/cluster.kubesphere.io_labels.yaml Normal file
View File

@@ -0,0 +1,66 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: labels.cluster.kubesphere.io
spec:
group: cluster.kubesphere.io
names:
kind: Label
listKind: LabelList
plural: labels
singular: label
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.key
name: Key
type: string
- jsonPath: .spec.value
name: Value
type: string
name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
backgroundColor:
type: string
clusters:
items:
type: string
type: array
key:
type: string
value:
type: string
required:
- key
- value
type: object
required:
- spec
type: object
served: true
storage: true
subresources: {}

167
config/ks-core/charts/ks-crds/crds/extensions.kubesphere.io_apiservices.yaml Normal file
View File

@@ -0,0 +1,167 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: apiservices.extensions.kubesphere.io
spec:
group: extensions.kubesphere.io
names:
kind: APIService
listKind: APIServiceList
plural: apiservices
singular: apiservice
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: |-
APIService is a special resource used in Ks-apiserver
declares a directional proxy path for a resource type API
it's similar to Kubernetes API Aggregation Layer.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
caBundle:
format: byte
type: string
group:
type: string
insecureSkipVerify:
type: boolean
service:
description: |-
service is a reference to the service for this endpoint. Either
service or url must be specified.
the scheme is default to HTTPS.
properties:
name:
description: |-
name is the name of the service.
Required
type: string
namespace:
description: |-
namespace is the namespace of the service.
Required
type: string
path:
description: path is an optional URL path at which the upstream
will be contacted.
type: string
port:
description: |-
port is an optional service port at which the upstream will be contacted.
`port` should be a valid port number (1-65535, inclusive).
Defaults to 443 for backward compatibility.
format: int32
type: integer
required:
- name
- namespace
type: object
url:
description: |-
`url` gives the location of the upstream, in standard URL form
(`scheme://host:port/path`). Exactly one of `url` or `service`
must be specified.
type: string
version:
type: string
type: object
status:
properties:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
state:
type: string
type: object
type: object
served: true
storage: true

124
config/ks-core/charts/ks-crds/crds/extensions.kubesphere.io_extensionentries.yaml Normal file
View File

@@ -0,0 +1,124 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: extensionentries.extensions.kubesphere.io
spec:
group: extensions.kubesphere.io
names:
kind: ExtensionEntry
listKind: ExtensionEntryList
plural: extensionentries
singular: extensionentry
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ExtensionEntry declares an entry endpoint that needs to be injected
into ks-console.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
entries:
items:
type: object
x-kubernetes-preserve-unknown-fields: true
type: array
type: object
status:
properties:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
state:
type: string
type: object
type: object
served: true
storage: true

219
config/ks-core/charts/ks-crds/crds/extensions.kubesphere.io_jsbundles.yaml Normal file
View File

@@ -0,0 +1,219 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: jsbundles.extensions.kubesphere.io
spec:
group: extensions.kubesphere.io
names:
kind: JSBundle
listKind: JSBundleList
plural: jsbundles
singular: jsbundle
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: |-
JSBundle declares a js bundle that needs to be injected into ks-console,
the endpoint can be provided by a service or a static file.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
raw:
format: byte
type: string
rawFrom:
properties:
caBundle:
format: byte
type: string
configMapKeyRef:
description: Selects a key of a ConfigMap.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
namespace:
type: string
optional:
description: Specify whether the ConfigMap or its key must
be defined
type: boolean
required:
- key
- namespace
type: object
x-kubernetes-map-type: atomic
insecureSkipVerify:
type: boolean
secretKeyRef:
description: Selects a key of a Secret.
properties:
key:
description: The key of the secret to select from. Must be
a valid secret key.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
namespace:
type: string
optional:
description: Specify whether the Secret or its key must be
defined
type: boolean
required:
- key
- namespace
type: object
x-kubernetes-map-type: atomic
service:
description: |-
service is a reference to the service for this endpoint. Either
service or url must be specified.
the scheme is default to HTTPS.
properties:
name:
description: |-
name is the name of the service.
Required
type: string
namespace:
description: |-
namespace is the namespace of the service.
Required
type: string
path:
description: path is an optional URL path at which the upstream
will be contacted.
type: string
port:
description: |-
port is an optional service port at which the upstream will be contacted.
`port` should be a valid port number (1-65535, inclusive).
Defaults to 443 for backward compatibility.
format: int32
type: integer
required:
- name
- namespace
type: object
url:
description: |-
`url` gives the location of the upstream, in standard URL form
(`scheme://host:port/path`). Exactly one of `url` or `service`
must be specified.
type: string
type: object
type: object
status:
properties:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
link:
description: Link is the path for downloading JS file, default to
"/dist/{jsBundleName}/index.js".
type: string
state:
type: string
type: object
type: object
served: true
storage: true

224
config/ks-core/charts/ks-crds/crds/extensions.kubesphere.io_reverseproxies.yaml Normal file
View File

@@ -0,0 +1,224 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: reverseproxies.extensions.kubesphere.io
spec:
group: extensions.kubesphere.io
names:
kind: ReverseProxy
listKind: ReverseProxyList
plural: reverseproxies
singular: reverseproxy
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
directives:
properties:
authProxy:
description: Add auth proxy header to requests
type: boolean
headerDown:
description: Sets, adds (with the + prefix), deletes (with the
- prefix), or performs a replacement (by using two arguments,
a search and replacement) in a response header coming downstream
from the backend.
items:
type: string
type: array
headerUp:
description: Sets, adds (with the + prefix), deletes (with the
- prefix), or performs a replacement (by using two arguments,
a search and replacement) in a request header going upstream
to the backend.
items:
type: string
type: array
method:
description: Changes the request's HTTP verb.
type: string
pathRegexp:
items:
type: string
type: array
rejectForwardingRedirects:
description: Reject to forward redirect response
type: boolean
replace:
items:
type: string
type: array
rewrite:
items:
type: string
type: array
stripPathPrefix:
description: Strips the given prefix from the beginning of the
URI path.
type: string
stripPathSuffix:
description: Strips the given suffix from the end of the URI path.
type: string
wrapTransport:
description: ' WrapTransport indicates whether the provided Transport
should be wrapped with default proxy transport behavior (URL
rewriting, X-Forwarded-* header setting)'
type: boolean
type: object
matcher:
properties:
method:
type: string
path:
type: string
required:
- method
- path
type: object
upstream:
properties:
caBundle:
format: byte
type: string
insecureSkipVerify:
type: boolean
service:
description: |-
service is a reference to the service for this endpoint. Either
service or url must be specified.
the scheme is default to HTTPS.
properties:
name:
description: |-
name is the name of the service.
Required
type: string
namespace:
description: |-
namespace is the namespace of the service.
Required
type: string
path:
description: path is an optional URL path at which the upstream
will be contacted.
type: string
port:
description: |-
port is an optional service port at which the upstream will be contacted.
`port` should be a valid port number (1-65535, inclusive).
Defaults to 443 for backward compatibility.
format: int32
type: integer
required:
- name
- namespace
type: object
url:
description: |-
`url` gives the location of the upstream, in standard URL form
(`scheme://host:port/path`). Exactly one of `url` or `service`
must be specified.
type: string
type: object
type: object
status:
properties:
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
state:
type: string
type: object
type: object
served: true
storage: true

68
config/ks-core/charts/ks-crds/crds/gateway.kubesphere.io_ingressclassscopes.yaml Normal file
View File

@@ -0,0 +1,68 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: ingressclassscopes.gateway.kubesphere.io
spec:
group: gateway.kubesphere.io
names:
kind: IngressClassScope
listKind: IngressClassScopeList
plural: ingressclassscopes
singular: ingressclassscope
scope: Cluster
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
description: |-
IngressClassScope is a special resource used to
connect other gateways to the KubeSphere platform.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
ingressClass:
properties:
default:
type: boolean
name:
type: string
type: object
scope:
description: |-
Watching scope, when both are empty, watching all namespaces,
when neither is empty, namespaces is preferred.
properties:
namespaceSelector:
type: string
namespaces:
items:
type: string
type: array
type: object
type: object
status:
type: object
x-kubernetes-preserve-unknown-fields: true
type: object
served: true
storage: true

95
config/ks-core/charts/ks-crds/crds/iam.kubesphere.io_builtinroles.yaml Normal file
View File

@@ -0,0 +1,95 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: builtinroles.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- iam
kind: BuiltinRole
listKind: BuiltinRoleList
plural: builtinroles
singular: builtinrole
scope: Cluster
versions:
- name: v1beta1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
role:
type: object
x-kubernetes-embedded-resource: true
x-kubernetes-preserve-unknown-fields: true
targetSelector:
description: |-
A label selector is a label query over a set of resources. The result of matchLabels and
matchExpressions are ANDed. An empty label selector matches all objects. A null
label selector matches no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
required:
- role
type: object
served: true
storage: true

57
config/ks-core/charts/ks-crds/crds/iam.kubesphere.io_categories.yaml Normal file
View File

@@ -0,0 +1,57 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: categories.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- iam
kind: Category
listKind: CategoryList
plural: categories
singular: category
scope: Cluster
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: Category is the Schema for the categories API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: CategorySpec defines the desired state of Category
properties:
description:
additionalProperties:
type: string
type: object
displayName:
additionalProperties:
type: string
type: object
icon:
type: string
type: object
type: object
served: true
storage: true

97
config/ks-core/charts/ks-crds/crds/iam.kubesphere.io_clusterrolebindings.yaml Normal file
View File

@@ -0,0 +1,97 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: clusterrolebindings.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- iam
kind: ClusterRoleBinding
listKind: ClusterRoleBindingList
plural: clusterrolebindings
singular: clusterrolebinding
scope: Cluster
versions:
- name: v1beta1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
roleRef:
description: |-
RoleRef can only reference a WorkspaceRole.
If the RoleRef cannot be resolved, the Authorizer must return an error.
properties:
apiGroup:
description: APIGroup is the group for the resource being referenced
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- apiGroup
- kind
- name
type: object
x-kubernetes-map-type: atomic
subjects:
description: Subjects holds references to the objects the role applies
to.
items:
description: |-
Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,
or a value for non-objects such as user and group names.
properties:
apiGroup:
description: |-
APIGroup holds the API group of the referenced subject.
Defaults to "" for ServiceAccount subjects.
Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
type: string
kind:
description: |-
Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
If the Authorizer does not recognized the kind value, the Authorizer should report an error.
type: string
name:
description: Name of the object being referenced.
type: string
namespace:
description: |-
Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
the Authorizer should report an error.
type: string
required:
- kind
- name
type: object
x-kubernetes-map-type: atomic
type: array
required:
- roleRef
type: object
served: true
storage: true

144
config/ks-core/charts/ks-crds/crds/iam.kubesphere.io_clusterroles.yaml Normal file
View File

@@ -0,0 +1,144 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: clusterroles.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- iam
kind: ClusterRole
listKind: ClusterRoleList
plural: clusterroles
singular: clusterrole
scope: Cluster
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: ClusterRole is the Schema for the clusterroles API
properties:
aggregationRoleTemplates:
description: AggregationRoleTemplates means which RoleTemplates are composed
this Role
properties:
roleSelector:
description: RoleSelectors select rules from RoleTemplate`s rules
by labels
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
templateNames:
description: TemplateNames select rules from RoleTemplate`s rules
by RoleTemplate name
items:
type: string
type: array
x-kubernetes-list-type: set
type: object
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
rules:
description: Rules holds all the PolicyRules for this WorkspaceRole
items:
description: |-
PolicyRule holds information that describes a policy rule, but does not contain information
about who the rule applies to or which namespace the rule applies to.
properties:
apiGroups:
description: |-
APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.
items:
type: string
type: array
nonResourceURLs:
description: |-
NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
items:
type: string
type: array
resourceNames:
description: ResourceNames is an optional white list of names that
the rule applies to. An empty set means that everything is allowed.
items:
type: string
type: array
resources:
description: Resources is a list of resources this rule applies
to. '*' represents all resources.
items:
type: string
type: array
verbs:
description: Verbs is a list of Verbs that apply to ALL the ResourceKinds
contained in this rule. '*' represents all verbs.
items:
type: string
type: array
required:
- verbs
type: object
type: array
type: object
served: true
storage: true

179
config/ks-core/charts/ks-crds/crds/iam.kubesphere.io_globalrolebindings.yaml Normal file
View File

@@ -0,0 +1,179 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: globalrolebindings.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- iam
kind: GlobalRoleBinding
listKind: GlobalRoleBindingList
plural: globalrolebindings
singular: globalrolebinding
scope: Cluster
versions:
- deprecated: true
name: v1alpha2
schema:
openAPIV3Schema:
description: GlobalRoleBinding is the Schema for the globalrolebindings API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
roleRef:
description: |-
RoleRef can only reference a GlobalRole.
If the RoleRef cannot be resolved, the Authorizer must return an error.
properties:
apiGroup:
description: APIGroup is the group for the resource being referenced
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- apiGroup
- kind
- name
type: object
x-kubernetes-map-type: atomic
subjects:
description: Subjects holds references to the objects the role applies
to.
items:
description: |-
Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,
or a value for non-objects such as user and group names.
properties:
apiGroup:
description: |-
APIGroup holds the API group of the referenced subject.
Defaults to "" for ServiceAccount subjects.
Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
type: string
kind:
description: |-
Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
If the Authorizer does not recognized the kind value, the Authorizer should report an error.
type: string
name:
description: Name of the object being referenced.
type: string
namespace:
description: |-
Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
the Authorizer should report an error.
type: string
required:
- kind
- name
type: object
x-kubernetes-map-type: atomic
type: array
required:
- roleRef
type: object
served: true
storage: false
- name: v1beta1
schema:
openAPIV3Schema:
description: GlobalRoleBinding is the Schema for the globalrolebindings API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
roleRef:
description: |-
RoleRef can only reference a GlobalRole.
If the RoleRef cannot be resolved, the Authorizer must return an error.
properties:
apiGroup:
description: APIGroup is the group for the resource being referenced
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- apiGroup
- kind
- name
type: object
x-kubernetes-map-type: atomic
subjects:
description: Subjects holds references to the objects the role applies
to.
items:
description: |-
Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,
or a value for non-objects such as user and group names.
properties:
apiGroup:
description: |-
APIGroup holds the API group of the referenced subject.
Defaults to "" for ServiceAccount subjects.
Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
type: string
kind:
description: |-
Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
If the Authorizer does not recognized the kind value, the Authorizer should report an error.
type: string
name:
description: Name of the object being referenced.
type: string
namespace:
description: |-
Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
the Authorizer should report an error.
type: string
required:
- kind
- name
type: object
x-kubernetes-map-type: atomic
type: array
required:
- roleRef
type: object
served: true
storage: true

215
config/ks-core/charts/ks-crds/crds/iam.kubesphere.io_globalroles.yaml Normal file
View File

@@ -0,0 +1,215 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: globalroles.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- iam
kind: GlobalRole
listKind: GlobalRoleList
plural: globalroles
singular: globalrole
scope: Cluster
versions:
- deprecated: true
name: v1alpha2
schema:
openAPIV3Schema:
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
rules:
description: Rules holds all the PolicyRules for this GlobalRole
items:
description: |-
PolicyRule holds information that describes a policy rule, but does not contain information
about who the rule applies to or which namespace the rule applies to.
properties:
apiGroups:
description: |-
APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.
items:
type: string
type: array
nonResourceURLs:
description: |-
NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
items:
type: string
type: array
resourceNames:
description: ResourceNames is an optional white list of names that
the rule applies to. An empty set means that everything is allowed.
items:
type: string
type: array
resources:
description: Resources is a list of resources this rule applies
to. '*' represents all resources.
items:
type: string
type: array
verbs:
description: Verbs is a list of Verbs that apply to ALL the ResourceKinds
contained in this rule. '*' represents all verbs.
items:
type: string
type: array
required:
- verbs
type: object
type: array
type: object
served: true
storage: false
- name: v1beta1
schema:
openAPIV3Schema:
description: GlobalRole is the Schema for the globalroles API
properties:
aggregationRoleTemplates:
description: AggregationRoleTemplates means which RoleTemplates are composed
this Role
properties:
roleSelector:
description: RoleSelectors select rules from RoleTemplate`s rules
by labels
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
templateNames:
description: TemplateNames select rules from RoleTemplate`s rules
by RoleTemplate name
items:
type: string
type: array
x-kubernetes-list-type: set
type: object
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
rules:
description: Rules holds all the PolicyRules for this WorkspaceRole
items:
description: |-
PolicyRule holds information that describes a policy rule, but does not contain information
about who the rule applies to or which namespace the rule applies to.
properties:
apiGroups:
description: |-
APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.
items:
type: string
type: array
nonResourceURLs:
description: |-
NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
items:
type: string
type: array
resourceNames:
description: ResourceNames is an optional white list of names that
the rule applies to. An empty set means that everything is allowed.
items:
type: string
type: array
resources:
description: Resources is a list of resources this rule applies
to. '*' represents all resources.
items:
type: string
type: array
verbs:
description: Verbs is a list of Verbs that apply to ALL the ResourceKinds
contained in this rule. '*' represents all verbs.
items:
type: string
type: array
required:
- verbs
type: object
type: array
required:
- rules
type: object
served: true
storage: true

113
config/ks-core/charts/ks-crds/crds/iam.kubesphere.io_groupbindings.yaml Normal file
View File

@@ -0,0 +1,113 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: groupbindings.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- group
kind: GroupBinding
listKind: GroupBindingList
plural: groupbindings
singular: groupbinding
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .groupRef.name
name: Group
type: string
- jsonPath: .users
name: Users
type: string
deprecated: true
name: v1alpha2
schema:
openAPIV3Schema:
description: GroupBinding is the Schema for the groupbindings API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
groupRef:
description: GroupRef defines the desired relation of GroupBinding
properties:
apiGroup:
type: string
kind:
type: string
name:
type: string
type: object
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
users:
items:
type: string
type: array
type: object
served: true
storage: false
subresources: {}
- additionalPrinterColumns:
- jsonPath: .groupRef.name
name: Group
type: string
- jsonPath: .users
name: Users
type: string
name: v1beta1
schema:
openAPIV3Schema:
description: GroupBinding is the Schema for the groupbindings API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
groupRef:
description: GroupRef defines the desired relation of GroupBinding
properties:
apiGroup:
type: string
kind:
type: string
name:
type: string
type: object
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
users:
items:
type: string
type: array
type: object
served: true
storage: true
subresources: {}

91
config/ks-core/charts/ks-crds/crds/iam.kubesphere.io_groups.yaml Normal file
View File

@@ -0,0 +1,91 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: groups.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- group
kind: Group
listKind: GroupList
plural: groups
singular: group
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.labels.kubesphere\.io/workspace
name: Workspace
type: string
deprecated: true
name: v1alpha2
schema:
openAPIV3Schema:
description: Group is the Schema for the groups API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: GroupSpec defines the desired state of Group
type: object
status:
description: GroupStatus defines the observed state of Group
type: object
type: object
served: true
storage: false
subresources: {}
- additionalPrinterColumns:
- jsonPath: .metadata.labels.kubesphere\.io/workspace
name: Workspace
type: string
name: v1beta1
schema:
openAPIV3Schema:
description: Group is the Schema for the groups API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: GroupSpec defines the desired state of Group
type: object
status:
description: GroupStatus defines the observed state of Group
type: object
type: object
served: true
storage: true
subresources: {}

165
config/ks-core/charts/ks-crds/crds/iam.kubesphere.io_loginrecords.yaml Normal file
View File

@@ -0,0 +1,165 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: loginrecords.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- iam
kind: LoginRecord
listKind: LoginRecordList
plural: loginrecords
singular: loginrecord
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.type
name: Type
type: string
- jsonPath: .spec.provider
name: Provider
type: string
- jsonPath: .spec.sourceIP
name: From
type: string
- jsonPath: .spec.success
name: Success
type: string
- jsonPath: .spec.reason
name: Reason
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
deprecated: true
name: v1alpha2
schema:
openAPIV3Schema:
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
provider:
description: Provider of authentication, Ldap/Github etc.
type: string
reason:
description: States failed login attempt reason
type: string
sourceIP:
description: Source IP of client
type: string
success:
description: Successful login attempt or not
type: boolean
type:
description: Which authentication method used, Password/OAuth/Token
type: string
userAgent:
description: User agent of login attempt
type: string
required:
- provider
- reason
- sourceIP
- success
- type
type: object
required:
- spec
type: object
served: true
storage: false
subresources: {}
- additionalPrinterColumns:
- jsonPath: .spec.type
name: Type
type: string
- jsonPath: .spec.provider
name: Provider
type: string
- jsonPath: .spec.sourceIP
name: From
type: string
- jsonPath: .spec.success
name: Success
type: string
- jsonPath: .spec.reason
name: Reason
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1beta1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
provider:
description: Provider of authentication, Ldap/Github etc.
type: string
reason:
description: States failed login attempt reason
type: string
sourceIP:
description: Source IP of client
type: string
success:
description: Successful login attempt or not
type: boolean
type:
description: Which authentication method used, Password/OAuth/Token
type: string
userAgent:
description: User agent of login attempt
type: string
required:
- provider
- reason
- sourceIP
- success
- type
type: object
required:
- spec
type: object
served: true
storage: true
subresources: {}

97
config/ks-core/charts/ks-crds/crds/iam.kubesphere.io_rolebindings.yaml Normal file
View File

@@ -0,0 +1,97 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: rolebindings.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- iam
kind: RoleBinding
listKind: RoleBindingList
plural: rolebindings
singular: rolebinding
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
roleRef:
description: |-
RoleRef can only reference a WorkspaceRole.
If the RoleRef cannot be resolved, the Authorizer must return an error.
properties:
apiGroup:
description: APIGroup is the group for the resource being referenced
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- apiGroup
- kind
- name
type: object
x-kubernetes-map-type: atomic
subjects:
description: Subjects holds references to the objects the role applies
to.
items:
description: |-
Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,
or a value for non-objects such as user and group names.
properties:
apiGroup:
description: |-
APIGroup holds the API group of the referenced subject.
Defaults to "" for ServiceAccount subjects.
Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
type: string
kind:
description: |-
Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
If the Authorizer does not recognized the kind value, the Authorizer should report an error.
type: string
name:
description: Name of the object being referenced.
type: string
namespace:
description: |-
Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
the Authorizer should report an error.
type: string
required:
- kind
- name
type: object
x-kubernetes-map-type: atomic
type: array
required:
- roleRef
type: object
served: true
storage: true

144
config/ks-core/charts/ks-crds/crds/iam.kubesphere.io_roles.yaml Normal file
View File

@@ -0,0 +1,144 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: roles.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- iam
kind: Role
listKind: RoleList
plural: roles
singular: role
scope: Namespaced
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: Role is the Schema for the roles API
properties:
aggregationRoleTemplates:
description: AggregationRoleTemplates means which RoleTemplates are composed
this Role
properties:
roleSelector:
description: RoleSelectors select rules from RoleTemplate`s rules
by labels
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
templateNames:
description: TemplateNames select rules from RoleTemplate`s rules
by RoleTemplate name
items:
type: string
type: array
x-kubernetes-list-type: set
type: object
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
rules:
description: Rules holds all the PolicyRules for this WorkspaceRole
items:
description: |-
PolicyRule holds information that describes a policy rule, but does not contain information
about who the rule applies to or which namespace the rule applies to.
properties:
apiGroups:
description: |-
APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.
items:
type: string
type: array
nonResourceURLs:
description: |-
NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
items:
type: string
type: array
resourceNames:
description: ResourceNames is an optional white list of names that
the rule applies to. An empty set means that everything is allowed.
items:
type: string
type: array
resources:
description: Resources is a list of resources this rule applies
to. '*' represents all resources.
items:
type: string
type: array
verbs:
description: Verbs is a list of Verbs that apply to ALL the ResourceKinds
contained in this rule. '*' represents all verbs.
items:
type: string
type: array
required:
- verbs
type: object
type: array
type: object
served: true
storage: true

103
config/ks-core/charts/ks-crds/crds/iam.kubesphere.io_roletemplates.yaml Normal file
View File

@@ -0,0 +1,103 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: roletemplates.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- iam
kind: RoleTemplate
listKind: RoleTemplateList
plural: roletemplates
singular: roletemplate
scope: Cluster
versions:
- name: v1beta1
schema:
openAPIV3Schema:
description: RoleTemplate is the Schema for the roletemplates API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: RoleTemplateSpec defines the desired state of RoleTemplate
properties:
description:
additionalProperties:
type: string
type: object
displayName:
additionalProperties:
type: string
description: DisplayName represent the name displays at console, this
field
type: object
rules:
items:
description: |-
PolicyRule holds information that describes a policy rule, but does not contain information
about who the rule applies to or which namespace the rule applies to.
properties:
apiGroups:
description: |-
APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.
items:
type: string
type: array
nonResourceURLs:
description: |-
NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
items:
type: string
type: array
resourceNames:
description: ResourceNames is an optional white list of names
that the rule applies to. An empty set means that everything
is allowed.
items:
type: string
type: array
resources:
description: Resources is a list of resources this rule applies
to. '*' represents all resources.
items:
type: string
type: array
verbs:
description: Verbs is a list of Verbs that apply to ALL the
ResourceKinds contained in this rule. '*' represents all verbs.
items:
type: string
type: array
required:
- verbs
type: object
type: array
required:
- rules
type: object
type: object
served: true
storage: true

205
config/ks-core/charts/ks-crds/crds/iam.kubesphere.io_users.yaml Normal file
View File

@@ -0,0 +1,205 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: users.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- iam
kind: User
listKind: UserList
plural: users
singular: user
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.email
name: Email
type: string
- jsonPath: .status.state
name: Status
type: string
deprecated: true
name: v1alpha2
schema:
openAPIV3Schema:
description: User is the Schema for the users API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: UserSpec defines the desired state of User
properties:
description:
description: Description of the user.
type: string
displayName:
type: string
email:
description: Unique email address(https://www.ietf.org/rfc/rfc5322.txt).
type: string
groups:
items:
type: string
type: array
lang:
description: The preferred written or spoken language for the user.
type: string
password:
description: |-
password will be encrypted by mutating admission webhook
Password pattern is tricky here.
The rule is simple: length between [6,64], at least one uppercase letter, one lowercase letter, one digit.
The regexp in console(javascript) is quite straightforward: ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[^]{6,64}$
But in Go, we don't have ?= (back tracking) capability in regexp (also in CRD validation pattern)
So we adopted an alternative scheme to achieve.
Use 6 different regexp to combine to achieve the same effect.
These six schemes enumerate the arrangement of numbers, uppercase letters, and lowercase letters that appear for the first time.
- ^(.*[a-z].*[A-Z].*[0-9].*)$ stands for lowercase letter comes first, then followed by an uppercase letter, then a digit.
- ^(.*[a-z].*[0-9].*[A-Z].*)$ stands for lowercase letter comes first, then followed by a digit, then an uppercase leeter.
- ^(.*[A-Z].*[a-z].*[0-9].*)$ ...
- ^(.*[A-Z].*[0-9].*[a-z].*)$ ...
- ^(.*[0-9].*[a-z].*[A-Z].*)$ ...
- ^(.*[0-9].*[A-Z].*[a-z].*)$ ...
Last but not least, the bcrypt string is also included to match the encrypted password. ^(\$2[ayb]\$.{56})$
maxLength: 64
minLength: 8
pattern: ^(.*[a-z].*[A-Z].*[0-9].*)$|^(.*[a-z].*[0-9].*[A-Z].*)$|^(.*[A-Z].*[a-z].*[0-9].*)$|^(.*[A-Z].*[0-9].*[a-z].*)$|^(.*[0-9].*[a-z].*[A-Z].*)$|^(.*[0-9].*[A-Z].*[a-z].*)$|^(\$2[ayb]\$.{56})$
type: string
required:
- email
type: object
status:
description: UserStatus defines the observed state of User
properties:
lastLoginTime:
description: Last login attempt timestamp
format: date-time
type: string
lastTransitionTime:
format: date-time
type: string
reason:
type: string
state:
description: The user status
type: string
type: object
required:
- spec
type: object
served: true
storage: false
subresources: {}
- additionalPrinterColumns:
- jsonPath: .spec.email
name: Email
type: string
- jsonPath: .status.state
name: Status
type: string
name: v1beta1
schema:
openAPIV3Schema:
description: User is the Schema for the users API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: UserSpec defines the desired state of User
properties:
description:
description: Description of the user.
type: string
displayName:
type: string
email:
description: Unique email address(https://www.ietf.org/rfc/rfc5322.txt).
type: string
groups:
items:
type: string
type: array
lang:
description: The preferred written or spoken language for the user.
type: string
password:
description: |-
password will be encrypted by mutating admission webhook
Password pattern is tricky here.
The rule is simple: length between [6,64], at least one uppercase letter, one lowercase letter, one digit.
The regexp in console(javascript) is quite straightforward: ^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)[^]{6,64}$
But in Go, we don't have ?= (back tracking) capability in regexp (also in CRD validation pattern)
So we adopted an alternative scheme to achieve.
Use 6 different regexp to combine to achieve the same effect.
These six schemes enumerate the arrangement of numbers, uppercase letters, and lowercase letters that appear for the first time.
- ^(.*[a-z].*[A-Z].*[0-9].*)$ stands for lowercase letter comes first, then followed by an uppercase letter, then a digit.
- ^(.*[a-z].*[0-9].*[A-Z].*)$ stands for lowercase letter comes first, then followed by a digit, then an uppercase leeter.
- ^(.*[A-Z].*[a-z].*[0-9].*)$ ...
- ^(.*[A-Z].*[0-9].*[a-z].*)$ ...
- ^(.*[0-9].*[a-z].*[A-Z].*)$ ...
- ^(.*[0-9].*[A-Z].*[a-z].*)$ ...
Last but not least, the bcrypt string is also included to match the encrypted password. ^(\$2[ayb]\$.{56})$
maxLength: 64
minLength: 8
pattern: ^(.*[a-z].*[A-Z].*[0-9].*)$|^(.*[a-z].*[0-9].*[A-Z].*)$|^(.*[A-Z].*[a-z].*[0-9].*)$|^(.*[A-Z].*[0-9].*[a-z].*)$|^(.*[0-9].*[a-z].*[A-Z].*)$|^(.*[0-9].*[A-Z].*[a-z].*)$|^(\$2[ayb]\$.{56})$
type: string
required:
- email
type: object
status:
description: UserStatus defines the observed state of User
properties:
lastLoginTime:
description: Last login attempt timestamp
format: date-time
type: string
lastTransitionTime:
format: date-time
type: string
reason:
type: string
state:
description: The user status
type: string
type: object
required:
- spec
type: object
served: true
storage: true
subresources: {}

191
config/ks-core/charts/ks-crds/crds/iam.kubesphere.io_workspacerolebindings.yaml Normal file
View File

@@ -0,0 +1,191 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: workspacerolebindings.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- iam
kind: WorkspaceRoleBinding
listKind: WorkspaceRoleBindingList
plural: workspacerolebindings
singular: workspacerolebinding
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.labels.kubesphere\.io/workspace
name: Workspace
type: string
deprecated: true
name: v1alpha2
schema:
openAPIV3Schema:
description: WorkspaceRoleBinding is the Schema for the workspacerolebindings
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
roleRef:
description: |-
RoleRef can only reference a WorkspaceRole.
If the RoleRef cannot be resolved, the Authorizer must return an error.
properties:
apiGroup:
description: APIGroup is the group for the resource being referenced
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- apiGroup
- kind
- name
type: object
x-kubernetes-map-type: atomic
subjects:
description: Subjects holds references to the objects the role applies
to.
items:
description: |-
Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,
or a value for non-objects such as user and group names.
properties:
apiGroup:
description: |-
APIGroup holds the API group of the referenced subject.
Defaults to "" for ServiceAccount subjects.
Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
type: string
kind:
description: |-
Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
If the Authorizer does not recognized the kind value, the Authorizer should report an error.
type: string
name:
description: Name of the object being referenced.
type: string
namespace:
description: |-
Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
the Authorizer should report an error.
type: string
required:
- kind
- name
type: object
x-kubernetes-map-type: atomic
type: array
required:
- roleRef
type: object
served: true
storage: false
subresources: {}
- additionalPrinterColumns:
- jsonPath: .metadata.labels.kubesphere\.io/workspace
name: Workspace
type: string
name: v1beta1
schema:
openAPIV3Schema:
description: WorkspaceRoleBinding is the Schema for the workspacerolebindings
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
roleRef:
description: |-
RoleRef can only reference a WorkspaceRole.
If the RoleRef cannot be resolved, the Authorizer must return an error.
properties:
apiGroup:
description: APIGroup is the group for the resource being referenced
type: string
kind:
description: Kind is the type of resource being referenced
type: string
name:
description: Name is the name of resource being referenced
type: string
required:
- apiGroup
- kind
- name
type: object
x-kubernetes-map-type: atomic
subjects:
description: Subjects holds references to the objects the role applies
to.
items:
description: |-
Subject contains a reference to the object or user identities a role binding applies to. This can either hold a direct API object reference,
or a value for non-objects such as user and group names.
properties:
apiGroup:
description: |-
APIGroup holds the API group of the referenced subject.
Defaults to "" for ServiceAccount subjects.
Defaults to "rbac.authorization.k8s.io" for User and Group subjects.
type: string
kind:
description: |-
Kind of object being referenced. Values defined by this API group are "User", "Group", and "ServiceAccount".
If the Authorizer does not recognized the kind value, the Authorizer should report an error.
type: string
name:
description: Name of the object being referenced.
type: string
namespace:
description: |-
Namespace of the referenced object. If the object kind is non-namespace, such as "User" or "Group", and this value is not empty
the Authorizer should report an error.
type: string
required:
- kind
- name
type: object
x-kubernetes-map-type: atomic
type: array
required:
- roleRef
type: object
served: true
storage: true
subresources: {}

229
config/ks-core/charts/ks-crds/crds/iam.kubesphere.io_workspaceroles.yaml Normal file
View File

@@ -0,0 +1,229 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: workspaceroles.iam.kubesphere.io
spec:
group: iam.kubesphere.io
names:
categories:
- iam
kind: WorkspaceRole
listKind: WorkspaceRoleList
plural: workspaceroles
singular: workspacerole
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .metadata.labels.kubesphere\.io/workspace
name: Workspace
type: string
- jsonPath: .metadata.annotations.kubesphere\.io/alias-name
name: Alias
type: string
deprecated: true
name: v1alpha2
schema:
openAPIV3Schema:
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
rules:
description: Rules holds all the PolicyRules for this WorkspaceRole
items:
description: |-
PolicyRule holds information that describes a policy rule, but does not contain information
about who the rule applies to or which namespace the rule applies to.
properties:
apiGroups:
description: |-
APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.
items:
type: string
type: array
nonResourceURLs:
description: |-
NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
items:
type: string
type: array
resourceNames:
description: ResourceNames is an optional white list of names that
the rule applies to. An empty set means that everything is allowed.
items:
type: string
type: array
resources:
description: Resources is a list of resources this rule applies
to. '*' represents all resources.
items:
type: string
type: array
verbs:
description: Verbs is a list of Verbs that apply to ALL the ResourceKinds
contained in this rule. '*' represents all verbs.
items:
type: string
type: array
required:
- verbs
type: object
type: array
type: object
served: true
storage: false
subresources: {}
- additionalPrinterColumns:
- jsonPath: .metadata.labels.kubesphere\.io/workspace
name: Workspace
type: string
- jsonPath: .metadata.annotations.kubesphere\.io/alias-name
name: Alias
type: string
name: v1beta1
schema:
openAPIV3Schema:
description: WorkspaceRole is the Schema for the workspaceroles API
properties:
aggregationRoleTemplates:
description: AggregationRoleTemplates means which RoleTemplates are composed
this Role
properties:
roleSelector:
description: RoleSelectors select rules from RoleTemplate`s rules
by labels
properties:
matchExpressions:
description: matchExpressions is a list of label selector requirements.
The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector applies
to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
templateNames:
description: TemplateNames select rules from RoleTemplate`s rules
by RoleTemplate name
items:
type: string
type: array
x-kubernetes-list-type: set
type: object
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
rules:
description: Rules holds all the PolicyRules for this WorkspaceRole
items:
description: |-
PolicyRule holds information that describes a policy rule, but does not contain information
about who the rule applies to or which namespace the rule applies to.
properties:
apiGroups:
description: |-
APIGroups is the name of the APIGroup that contains the resources. If multiple API groups are specified, any action requested against one of
the enumerated resources in any API group will be allowed. "" represents the core API group and "*" represents all API groups.
items:
type: string
type: array
nonResourceURLs:
description: |-
NonResourceURLs is a set of partial urls that a user should have access to. *s are allowed, but only as the full, final step in the path
Since non-resource URLs are not namespaced, this field is only applicable for ClusterRoles referenced from a ClusterRoleBinding.
Rules can either apply to API resources (such as "pods" or "secrets") or non-resource URL paths (such as "/api"), but not both.
items:
type: string
type: array
resourceNames:
description: ResourceNames is an optional white list of names that
the rule applies to. An empty set means that everything is allowed.
items:
type: string
type: array
resources:
description: Resources is a list of resources this rule applies
to. '*' represents all resources.
items:
type: string
type: array
verbs:
description: Verbs is a list of Verbs that apply to ALL the ResourceKinds
contained in this rule. '*' represents all verbs.
items:
type: string
type: array
required:
- verbs
type: object
type: array
type: object
served: true
storage: true
subresources: {}

56
config/ks-core/charts/ks-crds/crds/kubesphere.io_categories.yaml Normal file
View File

@@ -0,0 +1,56 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: categories.kubesphere.io
spec:
group: kubesphere.io
names:
categories:
- extensions
kind: Category
listKind: CategoryList
plural: categories
singular: category
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Category can help us group the extensions.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
description:
additionalProperties:
type: string
type: object
displayName:
additionalProperties:
type: string
type: object
icon:
type: string
type: object
type: object
served: true
storage: true

283
config/ks-core/charts/ks-crds/crds/kubesphere.io_extensions.yaml Normal file
View File

@@ -0,0 +1,283 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: extensions.kubesphere.io
spec:
group: kubesphere.io
names:
categories:
- extensions
kind: Extension
listKind: ExtensionList
plural: extensions
singular: extension
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .status.state
name: State
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: |-
Extension is synchronized from the Repository.
An extension can contain multiple versions.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ExtensionSpec only contains basic extension information copied
from the latest ExtensionVersion.
properties:
created:
format: date-time
type: string
description:
additionalProperties:
type: string
type: object
displayName:
additionalProperties:
type: string
type: object
icon:
type: string
provider:
additionalProperties:
description: Provider describes an extension provider.
properties:
email:
description: Email is an optional email address to contact the
named provider
type: string
name:
description: Name is a username or organization name
type: string
url:
description: URL is an optional URL to an address for the named
provider
type: string
type: object
type: object
type: object
status:
properties:
clusterSchedulingStatuses:
additionalProperties:
properties:
conditions:
items:
description: "Condition contains details for one aspect of
the current state of this API Resource.\n---\nThis struct
is intended for direct use as an array at the field path
.status.conditions. For example,\n\n\n\ttype FooStatus
struct{\n\t // Represents the observations of a foo's
current state.\n\t // Known .status.conditions.type are:
\"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t //
+listType=map\n\t // +listMapKey=type\n\t Conditions
[]metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\"
patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False,
Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
configHash:
type: string
jobName:
type: string
releaseName:
type: string
state:
type: string
stateHistory:
items:
properties:
lastTransitionTime:
format: date-time
type: string
state:
type: string
required:
- lastTransitionTime
- state
type: object
type: array
targetNamespace:
type: string
version:
type: string
type: object
description: ClusterSchedulingStatuses describes the subchart installation
status of the extension
type: object
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
enabled:
type: boolean
installedVersion:
type: string
plannedInstallVersion:
type: string
recommendedVersion:
type: string
state:
type: string
versions:
items:
properties:
creationTimestamp:
format: date-time
type: string
version:
type: string
required:
- version
type: object
type: array
type: object
type: object
served: true
storage: true
subresources: {}

170
config/ks-core/charts/ks-crds/crds/kubesphere.io_extensionversions.yaml Normal file
View File

@@ -0,0 +1,170 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: extensionversions.kubesphere.io
spec:
group: kubesphere.io
names:
categories:
- extensions
kind: ExtensionVersion
listKind: ExtensionVersionList
plural: extensionversions
singular: extensionversion
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ExtensionVersionSpec contains the details of a specific version
extension.
properties:
category:
type: string
chartDataRef:
description: ChartDataRef refers to a configMap which contains raw
chart data.
properties:
key:
description: The key to select.
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
TODO: Add other useful fields. apiVersion, kind, uid?
type: string
namespace:
type: string
optional:
description: Specify whether the ConfigMap or its key must be
defined
type: boolean
required:
- key
- namespace
type: object
x-kubernetes-map-type: atomic
chartURL:
type: string
created:
format: date-time
type: string
description:
additionalProperties:
type: string
type: object
digest:
type: string
displayName:
additionalProperties:
type: string
type: object
docs:
type: string
externalDependencies:
description: ExternalDependencies
items:
properties:
name:
description: Name of the external dependency
type: string
required:
description: Indicates if the dependency is required
type: boolean
type:
description: Type of dependency, defaults to extension
type: string
version:
description: SemVer
type: string
required:
- name
- required
- version
type: object
type: array
home:
type: string
icon:
type: string
installationMode:
default: HostOnly
enum:
- HostOnly
- Multicluster
type: string
keywords:
items:
type: string
type: array
ksVersion:
description: |-
KSVersion is a SemVer constraint specifying the version of KubeSphere required.
eg: >= 1.2.0, see https://github.com/Masterminds/semver for more info.
type: string
kubeVersion:
description: |-
KubeVersion is a SemVer constraint specifying the version of Kubernetes required.
eg: >= 1.2.0, see https://github.com/Masterminds/semver for more info.
type: string
namespace:
description: |-
Namespace represents the namespace in which the extension is installed.
If empty, it will be installed in the namespace named extension-{name}.
type: string
provider:
additionalProperties:
description: Provider describes an extension provider.
properties:
email:
description: Email is an optional email address to contact the
named provider
type: string
name:
description: Name is a username or organization name
type: string
url:
description: URL is an optional URL to an address for the named
provider
type: string
type: object
type: object
repository:
type: string
screenshots:
items:
type: string
type: array
sources:
items:
type: string
type: array
version:
type: string
type: object
type: object
served: true
storage: true

336
config/ks-core/charts/ks-crds/crds/kubesphere.io_installplans.yaml Normal file
View File

@@ -0,0 +1,336 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: installplans.kubesphere.io
spec:
group: kubesphere.io
names:
categories:
- extensions
kind: InstallPlan
listKind: InstallPlanList
plural: installplans
singular: installplan
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .status.state
name: State
type: string
name: v1alpha1
schema:
openAPIV3Schema:
description: InstallPlan defines how to install an extension in the cluster.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
clusterScheduling:
properties:
overrides:
additionalProperties:
type: string
type: object
placement:
properties:
clusterSelector:
description: |-
A label selector is a label query over a set of resources. The result of matchLabels and
matchExpressions are ANDed. An empty label selector matches all objects. A null
label selector matches no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
clusters:
items:
type: string
type: array
x-kubernetes-list-type: set
type: object
type: object
config:
type: string
enabled:
type: boolean
extension:
properties:
name:
type: string
version:
type: string
required:
- name
- version
type: object
upgradeStrategy:
default: Manual
type: string
required:
- enabled
- extension
type: object
status:
properties:
clusterSchedulingStatuses:
additionalProperties:
properties:
conditions:
items:
description: "Condition contains details for one aspect of
the current state of this API Resource.\n---\nThis struct
is intended for direct use as an array at the field path
.status.conditions. For example,\n\n\n\ttype FooStatus
struct{\n\t // Represents the observations of a foo's
current state.\n\t // Known .status.conditions.type are:
\"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t //
+listType=map\n\t // +listMapKey=type\n\t Conditions
[]metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\"
patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False,
Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
configHash:
type: string
jobName:
type: string
releaseName:
type: string
state:
type: string
stateHistory:
items:
properties:
lastTransitionTime:
format: date-time
type: string
state:
type: string
required:
- lastTransitionTime
- state
type: object
type: array
targetNamespace:
type: string
version:
type: string
type: object
description: ClusterSchedulingStatuses describes the subchart installation
status of the extension
type: object
conditions:
items:
description: "Condition contains details for one aspect of the current
state of this API Resource.\n---\nThis struct is intended for
direct use as an array at the field path .status.conditions. For
example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
observations of a foo's current state.\n\t // Known .status.conditions.type
are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
\ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
\ // other fields\n\t}"
properties:
lastTransitionTime:
description: |-
lastTransitionTime is the last time the condition transitioned from one status to another.
This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
description: |-
message is a human readable message indicating details about the transition.
This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
description: |-
observedGeneration represents the .metadata.generation that the condition was set based upon.
For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
description: |-
reason contains a programmatic identifier indicating the reason for the condition's last transition.
Producers of specific condition types may define expected values and meanings for this field,
and whether the values are considered a guaranteed API.
The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
status:
description: status of the condition, one of True, False, Unknown.
enum:
- "True"
- "False"
- Unknown
type: string
type:
description: |-
type of condition in CamelCase or in foo.example.com/CamelCase.
---
Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
useful (see .node.status.conditions), the ability to deconflict is important.
The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
required:
- lastTransitionTime
- message
- reason
- status
- type
type: object
type: array
configHash:
type: string
enabled:
type: boolean
jobName:
type: string
releaseName:
type: string
state:
type: string
stateHistory:
items:
properties:
lastTransitionTime:
format: date-time
type: string
state:
type: string
required:
- lastTransitionTime
- state
type: object
type: array
targetNamespace:
type: string
version:
type: string
type: object
type: object
served: true
storage: true
subresources: {}

80
config/ks-core/charts/ks-crds/crds/kubesphere.io_repositories.yaml Normal file
View File

@@ -0,0 +1,80 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: repositories.kubesphere.io
spec:
group: kubesphere.io
names:
categories:
- extensions
kind: Repository
listKind: RepositoryList
plural: repositories
singular: repository
scope: Cluster
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
description: |-
Repository declared a docker image containing the extension helm chart.
The extension manager controller will deploy and synchronizes the extensions from the image repository.
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
basicAuth:
properties:
password:
type: string
username:
type: string
type: object
caBundle:
description: if the caBundle is empty, use --insecure-skip-tls-verify.
type: string
description:
type: string
image:
type: string
updateStrategy:
properties:
registryPoll:
properties:
interval:
type: string
required:
- interval
type: object
type: object
url:
type: string
type: object
status:
properties:
lastSyncTime:
format: date-time
type: string
type: object
type: object
served: true
storage: true

103
config/ks-core/charts/ks-crds/crds/kubesphere.io_serviceaccounts.yaml Normal file
View File

@@ -0,0 +1,103 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: serviceaccounts.kubesphere.io
spec:
group: kubesphere.io
names:
kind: ServiceAccount
listKind: ServiceAccountList
plural: serviceaccounts
singular: serviceaccount
scope: Namespaced
versions:
- name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
secrets:
items:
description: |-
ObjectReference contains enough information to let you inspect or modify the referred object.
---
New uses of this type are discouraged because of difficulty describing its usage when embedded in APIs.
1. Ignored fields. It includes many fields which are not generally honored. For instance, ResourceVersion and FieldPath are both very rarely valid in actual usage.
2. Invalid usage help. It is impossible to add specific help for individual usage. In most embedded usages, there are particular
restrictions like, "must refer only to types A and B" or "UID not honored" or "name must be restricted".
Those cannot be well described when embedded.
3. Inconsistent validation. Because the usages are different, the validation rules are different by usage, which makes it hard for users to predict what will happen.
4. The fields are both imprecise and overly precise. Kind is not a precise mapping to a URL. This can produce ambiguity
during interpretation and require a REST mapping. In most cases, the dependency is on the group,resource tuple
and the version of the actual struct is irrelevant.
5. We cannot easily change it. Because this type is embedded in many locations, updates to this type
will affect numerous schemas. Don't make new APIs embed an underspecified API type they do not control.
Instead of using this type, create a locally provided and used type that is well-focused on your reference.
For example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 .
properties:
apiVersion:
description: API version of the referent.
type: string
fieldPath:
description: |-
If referring to a piece of an object instead of an entire object, this string
should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2].
For example, if the object reference is to a container within a pod, this would take on a value like:
"spec.containers{name}" (where "name" refers to the name of the container that triggered
the event) or if no container name is specified "spec.containers[2]" (container with
index 2 in this pod). This syntax is chosen only to have some well-defined way of
referencing a part of an object.
TODO: this design is not final and this field is subject to change in the future.
type: string
kind:
description: |-
Kind of the referent.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
name:
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
resourceVersion:
description: |-
Specific resourceVersion to which this reference is made, if any.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency
type: string
uid:
description: |-
UID of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids
type: string
type: object
x-kubernetes-map-type: atomic
type: array
type: object
served: true
storage: true

191
config/ks-core/charts/ks-crds/crds/quota.kubesphere.io_resourcequotas.yaml Normal file
View File

@@ -0,0 +1,191 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: resourcequotas.quota.kubesphere.io
spec:
group: quota.kubesphere.io
names:
categories:
- quota
kind: ResourceQuota
listKind: ResourceQuotaList
plural: resourcequotas
singular: resourcequota
scope: Cluster
versions:
- name: v1alpha2
schema:
openAPIV3Schema:
description: ResourceQuota sets aggregate quota restrictions enforced per
workspace
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: Spec defines the desired quota
properties:
quota:
description: Quota defines the desired quota
properties:
hard:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: |-
hard is the set of desired hard limits for each named resource.
More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
type: object
scopeSelector:
description: |-
scopeSelector is also a collection of filters like scopes that must match each object tracked by a quota
but expressed using ScopeSelectorOperator in combination with possible values.
For a resource to match, both scopes AND scopeSelector (if specified in spec), must be matched.
properties:
matchExpressions:
description: A list of scope selector requirements by scope
of the resources.
items:
description: |-
A scoped-resource selector requirement is a selector that contains values, a scope name, and an operator
that relates the scope name and values.
properties:
operator:
description: |-
Represents a scope's relationship to a set of values.
Valid operators are In, NotIn, Exists, DoesNotExist.
type: string
scopeName:
description: The name of the scope that the selector
applies to.
type: string
values:
description: |-
An array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty.
This array is replaced during a strategic merge patch.
items:
type: string
type: array
required:
- operator
- scopeName
type: object
type: array
type: object
x-kubernetes-map-type: atomic
scopes:
description: |-
A collection of filters that must match each object tracked by a quota.
If not specified, the quota matches all objects.
items:
description: A ResourceQuotaScope defines a filter that must
match each object tracked by a quota
type: string
type: array
type: object
selector:
additionalProperties:
type: string
description: LabelSelector is used to select projects by label.
type: object
required:
- quota
- selector
type: object
status:
description: Status defines the actual enforced quota and its current
usage
properties:
namespaces:
description: Namespaces slices the usage by project.
items:
description: ResourceQuotaStatusByNamespace gives status for a particular
project
properties:
hard:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: |-
Hard is the set of enforced hard limits for each named resource.
More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
type: object
namespace:
description: Namespace the project this status applies to
type: string
used:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Used is the current observed total usage of the
resource in the namespace.
type: object
required:
- namespace
type: object
type: array
total:
description: Total defines the actual enforced quota and its current
usage across all projects
properties:
hard:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: |-
Hard is the set of enforced hard limits for each named resource.
More info: https://kubernetes.io/docs/concepts/policy/resource-quotas/
type: object
used:
additionalProperties:
anyOf:
- type: integer
- type: string
pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
x-kubernetes-int-or-string: true
description: Used is the current observed total usage of the resource
in the namespace.
type: object
type: object
required:
- namespaces
- total
type: object
required:
- spec
type: object
served: true
storage: true
subresources:
status: {}

117
config/ks-core/charts/ks-crds/crds/storage.kubesphere.io_provisionercapabilities.yaml Normal file
View File

@@ -0,0 +1,117 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: provisionercapabilities.storage.kubesphere.io
spec:
group: storage.kubesphere.io
names:
kind: ProvisionerCapability
listKind: ProvisionerCapabilityList
plural: provisionercapabilities
singular: provisionercapability
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.pluginInfo.name
name: Provisioner
type: string
- jsonPath: .spec.features.volume.expandMode
name: Expand
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: ProvisionerCapability is the schema for the provisionercapability
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: ProvisionerCapabilitySpec defines the desired state of ProvisionerCapability
properties:
features:
description: CapabilityFeatures describe storage features
properties:
snapshot:
description: SnapshotFeature describe snapshot features
properties:
create:
type: boolean
list:
type: boolean
required:
- create
- list
type: object
topology:
type: boolean
volume:
description: VolumeFeature describe volume features
properties:
attach:
type: boolean
clone:
type: boolean
create:
type: boolean
expandMode:
type: string
list:
type: boolean
stats:
type: boolean
required:
- attach
- clone
- create
- expandMode
- list
- stats
type: object
required:
- snapshot
- topology
- volume
type: object
pluginInfo:
description: PluginInfo describes plugin info
properties:
name:
type: string
version:
type: string
required:
- name
- version
type: object
required:
- features
- pluginInfo
type: object
required:
- spec
type: object
served: true
storage: true
subresources: {}

117
config/ks-core/charts/ks-crds/crds/storage.kubesphere.io_storageclasscapabilities.yaml Normal file
View File

@@ -0,0 +1,117 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: storageclasscapabilities.storage.kubesphere.io
spec:
group: storage.kubesphere.io
names:
kind: StorageClassCapability
listKind: StorageClassCapabilityList
plural: storageclasscapabilities
singular: storageclasscapability
scope: Cluster
versions:
- additionalPrinterColumns:
- jsonPath: .spec.provisioner
name: Provisioner
type: string
- jsonPath: .spec.features.volume.create
name: Volume
type: boolean
- jsonPath: .spec.features.volume.expandMode
name: Expand
type: string
- jsonPath: .spec.features.volume.clone
name: Clone
type: boolean
- jsonPath: .spec.features.snapshot.create
name: Snapshot
type: boolean
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
description: StorageClassCapability is the Schema for the storage class capability
API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: StorageClassCapabilitySpec defines the desired state of StorageClassCapability
properties:
features:
description: CapabilityFeatures describe storage features
properties:
snapshot:
description: SnapshotFeature describe snapshot features
properties:
create:
type: boolean
list:
type: boolean
required:
- create
- list
type: object
topology:
type: boolean
volume:
description: VolumeFeature describe volume features
properties:
attach:
type: boolean
clone:
type: boolean
create:
type: boolean
expandMode:
type: string
list:
type: boolean
stats:
type: boolean
required:
- attach
- clone
- create
- expandMode
- list
- stats
type: object
required:
- snapshot
- topology
- volume
type: object
provisioner:
type: string
required:
- features
- provisioner
type: object
required:
- spec
type: object
served: true
storage: true
subresources: {}

86
config/ks-core/charts/ks-crds/crds/tenant.kubesphere.io_workspaces.yaml Normal file
View File

@@ -0,0 +1,86 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: workspaces.tenant.kubesphere.io
spec:
group: tenant.kubesphere.io
names:
categories:
- tenant
kind: Workspace
listKind: WorkspaceList
plural: workspaces
singular: workspace
scope: Cluster
versions:
- deprecated: true
name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
manager:
type: string
networkIsolation:
type: boolean
type: object
status:
type: object
type: object
served: true
storage: false
- name: v1beta1
schema:
openAPIV3Schema:
description: Workspace is the Schema for the workspaces API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
description: WorkspaceSpec defines the desired state of Workspace
properties:
manager:
type: string
type: object
status:
description: WorkspaceStatus defines the observed state of Workspace
type: object
type: object
served: true
storage: true

258
config/ks-core/charts/ks-crds/crds/tenant.kubesphere.io_workspacetemplates.yaml Normal file
View File

@@ -0,0 +1,258 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: (unknown)
name: workspacetemplates.tenant.kubesphere.io
spec:
group: tenant.kubesphere.io
names:
categories:
- tenant
kind: WorkspaceTemplate
listKind: WorkspaceTemplateList
plural: workspacetemplates
singular: workspacetemplate
scope: Cluster
versions:
- deprecated: true
name: v1alpha2
schema:
openAPIV3Schema:
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
overrides:
items:
properties:
clusterName:
type: string
clusterOverrides:
items:
properties:
op:
type: string
path:
type: string
value:
type: object
x-kubernetes-preserve-unknown-fields: true
required:
- path
type: object
type: array
required:
- clusterName
type: object
type: array
placement:
properties:
clusterSelector:
description: |-
A label selector is a label query over a set of resources. The result of matchLabels and
matchExpressions are ANDed. An empty label selector matches all objects. A null
label selector matches no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
clusters:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
template:
properties:
metadata:
type: object
spec:
description: WorkspaceSpec defines the desired state of Workspace
properties:
manager:
type: string
type: object
type: object
required:
- placement
- template
type: object
type: object
served: true
storage: false
- name: v1beta1
schema:
openAPIV3Schema:
description: WorkspaceTemplate is the Schema for the workspacetemplates API
properties:
apiVersion:
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
properties:
placement:
properties:
clusterSelector:
description: |-
A label selector is a label query over a set of resources. The result of matchLabels and
matchExpressions are ANDed. An empty label selector matches all objects. A null
label selector matches no objects.
properties:
matchExpressions:
description: matchExpressions is a list of label selector
requirements. The requirements are ANDed.
items:
description: |-
A label selector requirement is a selector that contains values, a key, and an operator that
relates the key and values.
properties:
key:
description: key is the label key that the selector
applies to.
type: string
operator:
description: |-
operator represents a key's relationship to a set of values.
Valid operators are In, NotIn, Exists and DoesNotExist.
type: string
values:
description: |-
values is an array of string values. If the operator is In or NotIn,
the values array must be non-empty. If the operator is Exists or DoesNotExist,
the values array must be empty. This array is replaced during a strategic
merge patch.
items:
type: string
type: array
required:
- key
- operator
type: object
type: array
matchLabels:
additionalProperties:
type: string
description: |-
matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
map is equivalent to an element of matchExpressions, whose key field is "key", the
operator is "In", and the values array contains only "value". The requirements are ANDed.
type: object
type: object
x-kubernetes-map-type: atomic
clusters:
items:
properties:
name:
type: string
required:
- name
type: object
type: array
x-kubernetes-list-map-keys:
- name
x-kubernetes-list-type: map
type: object
template:
properties:
metadata:
properties:
annotations:
additionalProperties:
type: string
type: object
labels:
additionalProperties:
type: string
type: object
type: object
spec:
description: WorkspaceSpec defines the desired state of Workspace
properties:
manager:
type: string
type: object
type: object
required:
- placement
- template
type: object
type: object
served: true
storage: true

9
config/ks-core/charts/ks-crds/scripts/install.sh Normal file
View File

@@ -0,0 +1,9 @@
#!/usr/bin/env bash
CRDS_PATH=$1
echo "ks-crds pre upgrade..."
# shellcheck disable=SC1060
for crd in `ls $CRDS_PATH|grep \.yaml$`; do
echo $crd
kubectl apply -f $CRDS_PATH/$crd
done

42
config/ks-core/charts/ks-crds/templates/pre-upgrade-job.yaml Normal file
View File

@@ -0,0 +1,42 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: "{{ .Release.Name }}-ks-crds-pre-upgrade-scripts"
annotations:
"helm.sh/hook": pre-upgrade
"helm.sh/hook-weight": "-1"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
data:
{{ (.Files.Glob "scripts/install.sh").AsConfig | indent 2 }}
{{ (.Files.Glob "crds/*").AsConfig | indent 2 }}
---
apiVersion: batch/v1
kind: Job
metadata:
name: "{{ .Release.Name }}-ks-crds-pre-upgrade"
annotations:
"helm.sh/hook": pre-upgrade
"helm.sh/hook-weight": "10"
"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
spec:
template:
spec:
restartPolicy: Never
serviceAccountName: {{ include "ks-core.serviceAccountName" . }}
containers:
- name: crd-install
image: {{ template "preUpgrade.image" . }}
command:
- /bin/bash
- /scripts/install.sh
- /scripts
volumeMounts:
- mountPath: /scripts
name: scripts
resources: {{- toYaml .Values.preUpgrade.resources | nindent 12 }}
volumes:
- name: scripts
configMap:
name: "{{ .Release.Name }}-ks-crds-pre-upgrade-scripts"
defaultMode: 420

17
config/ks-core/charts/ks-crds/values.yaml Normal file
View File

@@ -0,0 +1,17 @@
# Default values for ks-crds.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
preUpgrade:
image:
registry: ""
repository: kubesphereio/kubectl
tag: "v1.27.12"
pullPolicy: IfNotPresent
resources:
limits:
cpu: 1
memory: 1024Mi
requests:
cpu: 20m
memory: 100Mi