Skip to content

Commit 6d77cd6

Browse files
CharlieR-o-o-tCharlieR-o-o-t
committed
feat(manager): Add forbiddenAnnotations,forbiddenLabels to serviceOptions
Signed-off-by: Siarhei Rasiukevich <s.rasiukevich@gmail.com>
1 parent 2465b66 commit 6d77cd6

File tree

12 files changed

+658
-104
lines changed

12 files changed

+658
-104
lines changed

charts/capsule/crds/tenant-crd.yaml

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -3085,6 +3085,28 @@ spec:
30853085
type: string
30863086
type: object
30873087
type: object
3088+
forbiddenAnnotations:
3089+
description: Define the annotations that a Tenant Owner cannot
3090+
set for their Service resources.
3091+
properties:
3092+
denied:
3093+
items:
3094+
type: string
3095+
type: array
3096+
deniedRegex:
3097+
type: string
3098+
type: object
3099+
forbiddenLabels:
3100+
description: Define the labels that a Tenant Owner cannot set
3101+
for their Service resources.
3102+
properties:
3103+
denied:
3104+
items:
3105+
type: string
3106+
type: array
3107+
deniedRegex:
3108+
type: string
3109+
type: object
30883110
allowedServices:
30893111
description: Block or deny certain type of Services. Optional.
30903112
properties:

config/crd/bases/capsule.clastix.io_tenants.yaml

Lines changed: 44 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1873,6 +1873,28 @@ spec:
18731873
required:
18741874
- allowed
18751875
type: object
1876+
forbiddenAnnotations:
1877+
description: Define the annotations that a Tenant Owner cannot
1878+
set for their Service resources.
1879+
properties:
1880+
denied:
1881+
items:
1882+
type: string
1883+
type: array
1884+
deniedRegex:
1885+
type: string
1886+
type: object
1887+
forbiddenLabels:
1888+
description: Define the labels that a Tenant Owner cannot set
1889+
for their Service resources.
1890+
properties:
1891+
denied:
1892+
items:
1893+
type: string
1894+
type: array
1895+
deniedRegex:
1896+
type: string
1897+
type: object
18761898
type: object
18771899
storageClasses:
18781900
description: Specifies the allowed StorageClasses assigned to the
@@ -3107,6 +3129,28 @@ spec:
31073129
required:
31083130
- allowed
31093131
type: object
3132+
forbiddenAnnotations:
3133+
description: Define the annotations that a Tenant Owner cannot
3134+
set for their Service resources.
3135+
properties:
3136+
denied:
3137+
items:
3138+
type: string
3139+
type: array
3140+
deniedRegex:
3141+
type: string
3142+
type: object
3143+
forbiddenLabels:
3144+
description: Define the labels that a Tenant Owner cannot set
3145+
for their Service resources.
3146+
properties:
3147+
denied:
3148+
items:
3149+
type: string
3150+
type: array
3151+
deniedRegex:
3152+
type: string
3153+
type: object
31103154
type: object
31113155
storageClasses:
31123156
description: Specifies the allowed StorageClasses assigned to the

docs/content/general/crds-apis.md

Lines changed: 160 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4756,6 +4756,20 @@ Specifies options for the Service, such as additional metadata or block of certa
47564756
Specifies the external IPs that can be used in Services with type ClusterIP. An empty list means no IPs are allowed. Optional.<br/>
47574757
</td>
47584758
<td>false</td>
4759+
</tr><tr>
4760+
<td><b><a href="#tenantspecserviceoptionsforbiddenannotations-1">forbiddenAnnotations</a></b></td>
4761+
<td>object</td>
4762+
<td>
4763+
Define the annotations that a Tenant Owner cannot set for their Service resources.<br/>
4764+
</td>
4765+
<td>false</td>
4766+
</tr><tr>
4767+
<td><b><a href="#tenantspecserviceoptionsforbiddenlabels-1">forbiddenLabels</a></b></td>
4768+
<td>object</td>
4769+
<td>
4770+
Define the labels that a Tenant Owner cannot set for their Service resources.<br/>
4771+
</td>
4772+
<td>false</td>
47594773
</tr></tbody>
47604774
</table>
47614775

@@ -4865,6 +4879,72 @@ Specifies the external IPs that can be used in Services with type ClusterIP. An
48654879
</table>
48664880

48674881

4882+
### Tenant.spec.serviceOptions.forbiddenAnnotations
4883+
4884+
4885+
4886+
Define the annotations that a Tenant Owner cannot set for their Service resources.
4887+
4888+
<table>
4889+
<thead>
4890+
<tr>
4891+
<th>Name</th>
4892+
<th>Type</th>
4893+
<th>Description</th>
4894+
<th>Required</th>
4895+
</tr>
4896+
</thead>
4897+
<tbody><tr>
4898+
<td><b>denied</b></td>
4899+
<td>[]string</td>
4900+
<td>
4901+
<br/>
4902+
</td>
4903+
<td>false</td>
4904+
</tr><tr>
4905+
<td><b>deniedRegex</b></td>
4906+
<td>string</td>
4907+
<td>
4908+
<br/>
4909+
</td>
4910+
<td>false</td>
4911+
</tr></tbody>
4912+
</table>
4913+
4914+
4915+
### Tenant.spec.serviceOptions.forbiddenLabels
4916+
4917+
4918+
4919+
Define the labels that a Tenant Owner cannot set for their Service resources.
4920+
4921+
<table>
4922+
<thead>
4923+
<tr>
4924+
<th>Name</th>
4925+
<th>Type</th>
4926+
<th>Description</th>
4927+
<th>Required</th>
4928+
</tr>
4929+
</thead>
4930+
<tbody><tr>
4931+
<td><b>denied</b></td>
4932+
<td>[]string</td>
4933+
<td>
4934+
<br/>
4935+
</td>
4936+
<td>false</td>
4937+
</tr><tr>
4938+
<td><b>deniedRegex</b></td>
4939+
<td>string</td>
4940+
<td>
4941+
<br/>
4942+
</td>
4943+
<td>false</td>
4944+
</tr></tbody>
4945+
</table>
4946+
4947+
48684948
### Tenant.spec.storageClasses
48694949

48704950

@@ -6615,6 +6695,20 @@ Specifies options for the Service, such as additional metadata or block of certa
66156695
Specifies the external IPs that can be used in Services with type ClusterIP. An empty list means no IPs are allowed. Optional.<br/>
66166696
</td>
66176697
<td>false</td>
6698+
</tr><tr>
6699+
<td><b><a href="#tenantspecserviceoptionsforbiddenannotations">forbiddenAnnotations</a></b></td>
6700+
<td>object</td>
6701+
<td>
6702+
Define the annotations that a Tenant Owner cannot set for their Service resources.<br/>
6703+
</td>
6704+
<td>false</td>
6705+
</tr><tr>
6706+
<td><b><a href="#tenantspecserviceoptionsforbiddenlabels">forbiddenLabels</a></b></td>
6707+
<td>object</td>
6708+
<td>
6709+
Define the labels that a Tenant Owner cannot set for their Service resources.<br/>
6710+
</td>
6711+
<td>false</td>
66186712
</tr></tbody>
66196713
</table>
66206714

@@ -6724,6 +6818,72 @@ Specifies the external IPs that can be used in Services with type ClusterIP. An
67246818
</table>
67256819

67266820

6821+
### Tenant.spec.serviceOptions.forbiddenAnnotations
6822+
6823+
6824+
6825+
Define the annotations that a Tenant Owner cannot set for their Service resources.
6826+
6827+
<table>
6828+
<thead>
6829+
<tr>
6830+
<th>Name</th>
6831+
<th>Type</th>
6832+
<th>Description</th>
6833+
<th>Required</th>
6834+
</tr>
6835+
</thead>
6836+
<tbody><tr>
6837+
<td><b>denied</b></td>
6838+
<td>[]string</td>
6839+
<td>
6840+
<br/>
6841+
</td>
6842+
<td>false</td>
6843+
</tr><tr>
6844+
<td><b>deniedRegex</b></td>
6845+
<td>string</td>
6846+
<td>
6847+
<br/>
6848+
</td>
6849+
<td>false</td>
6850+
</tr></tbody>
6851+
</table>
6852+
6853+
6854+
### Tenant.spec.serviceOptions.forbiddenLabels
6855+
6856+
6857+
6858+
Define the labels that a Tenant Owner cannot set for their Service resources.
6859+
6860+
<table>
6861+
<thead>
6862+
<tr>
6863+
<th>Name</th>
6864+
<th>Type</th>
6865+
<th>Description</th>
6866+
<th>Required</th>
6867+
</tr>
6868+
</thead>
6869+
<tbody><tr>
6870+
<td><b>denied</b></td>
6871+
<td>[]string</td>
6872+
<td>
6873+
<br/>
6874+
</td>
6875+
<td>false</td>
6876+
</tr><tr>
6877+
<td><b>deniedRegex</b></td>
6878+
<td>string</td>
6879+
<td>
6880+
<br/>
6881+
</td>
6882+
<td>false</td>
6883+
</tr></tbody>
6884+
</table>
6885+
6886+
67276887
### Tenant.spec.storageClasses
67286888

67296889

0 commit comments

Comments
 (0)