Commit 667ec25

scotwells and claude committed
feat(config): CRDs, RBAC, and kustomize overlays for federation
Regenerate the Instance, Workload, and WorkloadDeployment CRDs for the new API fields and add the kustomize structure that deploys the manager in cell or management-plane mode: federation and downstream RBAC bases, cell/management/quota-credentials components, the WorkloadDeployment status interpreter, and the matching overlays.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
1 parent b04650c commit 667ec25

25 files changed

Lines changed: 531 additions & 19 deletions

config/base/crd/bases/compute.datumapis.com_instances.yaml

Lines changed: 71 additions & 2 deletions
@@ -35,6 +35,10 @@ spec:
3535
name: Message
3636
priority: 1
3737
type: string
38+
- jsonPath: .status.conditions[?(@.type=="QuotaGranted")].reason
39+
name: Quota
40+
priority: 1
41+
type: string
3842
name: v1alpha
3943
schema:
4044
openAPIV3Schema:
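Review bot: The new Quota column reads `.status.conditions[?(@.type=="QuotaGranted")].reason`, so it prints the condition's reason rather than its status, and an operator has to know which reason strings mean granted and which mean denied. Consider pointing the column at `.status` (True/False/Unknown) or documenting the reason values alongside the condition type. With `priority: 1` the column only appears in wide output, which deserves a line in the docs if operators are expected to spot quota denial from a listing.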
@@ -262,6 +266,28 @@ spec:
262266
description: A list of containers to run within the sandbox.
263267
items:
264268
properties:
269+
args:
270+
description: |-
271+
Arguments to the entrypoint, overriding the image's CMD. Combined with
272+
Command: when Command is also set the resulting invocation is
273+
append(Command, Args...). When only Args is set it overrides CMD while
274+
preserving the image's ENTRYPOINT.
275+
276+
If neither Command nor Args is set, the image's own ENTRYPOINT and CMD
277+
are used unchanged.
278+
items:
279+
type: string
280+
type: array
281+
command:
282+
description: |-
283+
Entrypoint array to run in the container image, overriding the image's
284+
ENTRYPOINT. Each element is a separate token, not a shell command — to run a
285+
shell command use: ["sh", "-c", "my command"].
286+
287+
If not provided, the container image's own ENTRYPOINT is used.
288+
items:
289+
type: string
290+
type: array
265291
env:
266292
description: |-
267293
List of environment variables to set in the container.
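Review bot: `args` and `command` are both declared as a bare `type: array` of `type: string`, with no `maxItems` and no `maxLength` on the items, so the only bound on what a client can submit here is the API server's request size limit. Since this file is regenerated, add the limits as validation markers on the Go fields rather than editing the YAML, and choose values the component that finally runs the container is known to accept.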
@@ -272,8 +298,9 @@ spec:
272298
present in a Container.
273299
properties:
274300
name:
275-
description: Name of the environment variable.
276-
Must be a C_IDENTIFIER.
301+
description: |-
302+
Name of the environment variable.
303+
May consist of any printable ASCII characters except '='.
277304
type: string
278305
value:
279306
description: |-
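Review bot: The `name` description replaces `Must be a C_IDENTIFIER` with `any printable ASCII characters except '='`, but the property is still only `type: string`, so neither the old rule nor the new one is enforced by this schema. Printable ASCII includes spaces, quotes, `$` and backticks, which matters for any component that renders these names into a shell line, an env file or a log entry. Please say where the name is validated (webhook or controller), and if nowhere, add a pattern or CEL rule through a marker on the Go type.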
@@ -332,6 +359,43 @@ spec:
332359
- fieldPath
333360
type: object
334361
x-kubernetes-map-type: atomic
362+
fileKeyRef:
363+
description: |-
364+
FileKeyRef selects a key of the env file.
365+
Requires the EnvFiles feature gate to be enabled.
366+
properties:
367+
key:
368+
description: |-
369+
The key within the env file. An invalid key will prevent the pod from starting.
370+
The keys defined within a source may consist of any printable ASCII characters except '='.
371+
During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
372+
type: string
373+
optional:
374+
default: false
375+
description: |-
376+
Specify whether the file or its key must be defined. If the file or key
377+
does not exist, then the env var is not published.
378+
If optional is set to true and the specified key does not exist,
379+
the environment variable will not be set in the Pod's containers.
380+
381+
If optional is set to false and the specified key does not exist,
382+
an error will be returned during Pod creation.
383+
type: boolean
384+
path:
385+
description: |-
386+
The path within the volume from which to select the file.
387+
Must be relative and may not contain the '..' path or start with '..'.
388+
type: string
389+
volumeName:
390+
description: The name of the volume mount
391+
containing the env file.
392+
type: string
393+
required:
394+
- key
395+
- path
396+
- volumeName
397+
type: object
398+
x-kubernetes-map-type: atomic
335399
resourceFieldRef:
336400
description: |-
337401
Selects a resource of the container: only resources limits and requests
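Review bot: In `fileKeyRef` the constraints that matter for safety exist only as description text: `path` "Must be relative and may not contain the '..' path" and `key` is "limited to 128 characters", yet both properties are plain `type: string`. Unless every consumer of an Instance re-validates these fields, add `maxLength: 128` on `key` and a pattern or CEL rule on `path` that rejects absolute paths and `..` segments (via markers on the Go type), so a traversal attempt is refused at admission instead of being left to whichever component reads the file.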
@@ -829,6 +893,11 @@ spec:
829893
reason: Pending
830894
status: Unknown
831895
type: Ready
896+
- lastTransitionTime: "1970-01-01T00:00:00Z"
897+
message: Waiting for quota evaluation
898+
reason: PendingEvaluation
899+
status: Unknown
900+
type: QuotaGranted
832901
description: Status defines the current state of an Instance.
833902
properties:
834903
conditions:
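Review bot: The new default `QuotaGranted` condition starts at `status: Unknown` with `reason: PendingEvaluation`, so an Instance carries an undecided quota state until some controller writes the condition. Please confirm, and cover with a test, that the code deciding whether an Instance may run treats Unknown as not granted, and that a deployment without a quota evaluator does not leave instances in PendingEvaluation indefinitely.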

config/base/crd/bases/compute.datumapis.com_workloaddeployments.yaml

Lines changed: 62 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -375,6 +375,28 @@ spec:
375375
sandbox.
376376
items:
377377
properties:
378+
args:
379+
description: |-
380+
Arguments to the entrypoint, overriding the image's CMD. Combined with
381+
Command: when Command is also set the resulting invocation is
382+
append(Command, Args...). When only Args is set it overrides CMD while
383+
preserving the image's ENTRYPOINT.
384+
385+
If neither Command nor Args is set, the image's own ENTRYPOINT and CMD
386+
are used unchanged.
387+
items:
388+
type: string
389+
type: array
390+
command:
391+
description: |-
392+
Entrypoint array to run in the container image, overriding the image's
393+
ENTRYPOINT. Each element is a separate token, not a shell command — to run a
394+
shell command use: ["sh", "-c", "my command"].
395+
396+
If not provided, the container image's own ENTRYPOINT is used.
397+
items:
398+
type: string
399+
type: array
378400
env:
379401
description: |-
380402
List of environment variables to set in the container.
@@ -385,8 +407,9 @@ spec:
385407
variable present in a Container.
386408
properties:
387409
name:
388-
description: Name of the environment variable.
389-
Must be a C_IDENTIFIER.
410+
description: |-
411+
Name of the environment variable.
412+
May consist of any printable ASCII characters except '='.
390413
type: string
391414
value:
392415
description: |-
@@ -448,6 +471,43 @@ spec:
448471
- fieldPath
449472
type: object
450473
x-kubernetes-map-type: atomic
474+
fileKeyRef:
475+
description: |-
476+
FileKeyRef selects a key of the env file.
477+
Requires the EnvFiles feature gate to be enabled.
478+
properties:
479+
key:
480+
description: |-
481+
The key within the env file. An invalid key will prevent the pod from starting.
482+
The keys defined within a source may consist of any printable ASCII characters except '='.
483+
During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
484+
type: string
485+
optional:
486+
default: false
487+
description: |-
488+
Specify whether the file or its key must be defined. If the file or key
489+
does not exist, then the env var is not published.
490+
If optional is set to true and the specified key does not exist,
491+
the environment variable will not be set in the Pod's containers.
492+
493+
If optional is set to false and the specified key does not exist,
494+
an error will be returned during Pod creation.
495+
type: boolean
496+
path:
497+
description: |-
498+
The path within the volume from which to select the file.
499+
Must be relative and may not contain the '..' path or start with '..'.
500+
type: string
501+
volumeName:
502+
description: The name of the volume
503+
mount containing the env file.
504+
type: string
505+
required:
506+
- key
507+
- path
508+
- volumeName
509+
type: object
510+
x-kubernetes-map-type: atomic
451511
resourceFieldRef:
452512
description: |-
453513
Selects a resource of the container: only resources limits and requests
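Review bot: The `fileKeyRef` documentation here is written for Pods: it says the field "Requires the EnvFiles feature gate to be enabled" and that "an error will be returned during Pod creation", neither of which tells a WorkloadDeployment author what this API does with the field. State in the Go doc comment whether it is honored, ignored or rejected when the gate is off where the workload lands. The `optional` description also says both that a missing key means "the env var is not published" and that it is an error, so the behavior for the default `false` should be stated once, unambiguously.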

config/base/crd/bases/compute.datumapis.com_workloads.yaml

Lines changed: 62 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -385,6 +385,28 @@ spec:
385385
sandbox.
386386
items:
387387
properties:
388+
args:
389+
description: |-
390+
Arguments to the entrypoint, overriding the image's CMD. Combined with
391+
Command: when Command is also set the resulting invocation is
392+
append(Command, Args...). When only Args is set it overrides CMD while
393+
preserving the image's ENTRYPOINT.
394+
395+
If neither Command nor Args is set, the image's own ENTRYPOINT and CMD
396+
are used unchanged.
397+
items:
398+
type: string
399+
type: array
400+
command:
401+
description: |-
402+
Entrypoint array to run in the container image, overriding the image's
403+
ENTRYPOINT. Each element is a separate token, not a shell command — to run a
404+
shell command use: ["sh", "-c", "my command"].
405+
406+
If not provided, the container image's own ENTRYPOINT is used.
407+
items:
408+
type: string
409+
type: array
388410
env:
389411
description: |-
390412
List of environment variables to set in the container.
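Review bot: The `args` description documents the combined invocation as `append(Command, Args...)`, which is Go syntax in text that API users read through generated docs. A plain sentence such as "Command followed by Args" says the same thing without requiring the reader to know the language; the change belongs in the Go field comment so that all three regenerated CRDs pick it up.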
@@ -395,8 +417,9 @@ spec:
395417
variable present in a Container.
396418
properties:
397419
name:
398-
description: Name of the environment variable.
399-
Must be a C_IDENTIFIER.
420+
description: |-
421+
Name of the environment variable.
422+
May consist of any printable ASCII characters except '='.
400423
type: string
401424
value:
402425
description: |-
@@ -458,6 +481,43 @@ spec:
458481
- fieldPath
459482
type: object
460483
x-kubernetes-map-type: atomic
484+
fileKeyRef:
485+
description: |-
486+
FileKeyRef selects a key of the env file.
487+
Requires the EnvFiles feature gate to be enabled.
488+
properties:
489+
key:
490+
description: |-
491+
The key within the env file. An invalid key will prevent the pod from starting.
492+
The keys defined within a source may consist of any printable ASCII characters except '='.
493+
During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
494+
type: string
495+
optional:
496+
default: false
497+
description: |-
498+
Specify whether the file or its key must be defined. If the file or key
499+
does not exist, then the env var is not published.
500+
If optional is set to true and the specified key does not exist,
501+
the environment variable will not be set in the Pod's containers.
502+
503+
If optional is set to false and the specified key does not exist,
504+
an error will be returned during Pod creation.
505+
type: boolean
506+
path:
507+
description: |-
508+
The path within the volume from which to select the file.
509+
Must be relative and may not contain the '..' path or start with '..'.
510+
type: string
511+
volumeName:
512+
description: The name of the volume
513+
mount containing the env file.
514+
type: string
515+
required:
516+
- key
517+
- path
518+
- volumeName
519+
type: object
520+
x-kubernetes-map-type: atomic
461521
resourceFieldRef:
462522
description: |-
463523
Selects a resource of the container: only resources limits and requests
Lines changed: 5 additions & 0 deletions
@@ -0,0 +1,5 @@
1+
apiVersion: kustomize.config.k8s.io/v1beta1
2+
kind: Kustomization
3+
4+
resources:
5+
- rbac.yaml
Lines changed: 35 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,35 @@
1+
apiVersion: rbac.authorization.k8s.io/v1
2+
kind: ClusterRole
3+
metadata:
4+
name: compute-manager
5+
rules:
6+
- apiGroups: [""]
7+
resources: ["namespaces"]
8+
verbs: ["get", "list", "watch", "create", "update", "patch"]
9+
- apiGroups: ["compute.datumapis.com"]
10+
resources: ["workloaddeployments", "workloaddeployments/status", "instances", "instances/status"]
11+
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
12+
- apiGroups: ["policy.karmada.io"]
13+
resources: ["propagationpolicies", "clusterpropagationpolicies"]
14+
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
15+
- apiGroups: ["cluster.karmada.io"]
16+
resources: ["clusters"]
17+
verbs: ["get", "list", "watch"]
18+
- apiGroups: ["work.karmada.io"]
19+
resources: ["resourcebindings", "clusterresourcebindings"]
20+
verbs: ["get", "list", "watch"]
21+
- apiGroups: ["config.karmada.io"]
22+
resources: ["resourceinterpreterwebhookconfigurations", "resourceinterpretercustomizations"]
23+
verbs: ["get", "list", "watch"]
24+
---
25+
apiVersion: rbac.authorization.k8s.io/v1
26+
kind: ClusterRoleBinding
27+
metadata:
28+
name: compute-manager
29+
roleRef:
30+
apiGroup: rbac.authorization.k8s.io
31+
kind: ClusterRole
32+
name: compute-manager
33+
subjects:
34+
- kind: User
35+
name: system:serviceaccount:compute-system:compute-manager
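Review bot: The `compute-manager` ClusterRole grants `create`, `update`, `patch` and `delete` on `clusterpropagationpolicies`, plus write verbs on all `namespaces`, and nothing in these rules limits that access to the compute API group, so the manager can do considerably more than manage its own WorkloadDeployments and Instances. Drop `clusterpropagationpolicies` or reduce it to read verbs unless the controller really creates them, and narrow the namespace verbs to what the reconciler calls. Please also add a comment explaining why the binding subject is `kind: User` named `system:serviceaccount:compute-system:compute-manager` rather than `kind: ServiceAccount`, since a reader will otherwise take it for a mistake. The `create` and `delete` verbs applied to the `/status` subresources in the compute rule are not meaningful; a separate rule with `get`, `update`, `patch` for the status subresources would be clearer.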
