From bfc3f97591c40acbcb20b29b878a3dffce7a631b Mon Sep 17 00:00:00 2001
From: Chaer
Date: Mon, 15 Jan 2024 11:16:36 +0800
Subject: [PATCH 1/2] init ctrlmesh v0.1.3-alpha.0
---
versions/ctrlmesh/0.1.3-alpha.0/Chart.yaml | 9 +
versions/ctrlmesh/0.1.3-alpha.0/README.md | 0
.../0.1.3-alpha.0/templates/NOTES.txt | 1 +
.../0.1.3-alpha.0/templates/_helpers.tpl | 62 ++++
.../0.1.3-alpha.0/templates/configmap.yaml | 8 +
.../templates/crd/circuitbreakers.yaml | 296 ++++++++++++++++++
.../templates/crd/managerstates.yaml | 74 +++++
.../templates/crd/shardingconfigs.yaml | 294 +++++++++++++++++
.../0.1.3-alpha.0/templates/deployment.yaml | 85 +++++
.../0.1.3-alpha.0/templates/namespace.yaml | 6 +
.../templates/rbac/leader_election_role.yaml | 38 +++
.../rbac/leader_election_role_binding.yaml | 13 +
.../rbac/managerstate_editor_role.yaml | 24 ++
.../rbac/managerstate_viewer_role.yaml | 20 ++
.../templates/rbac/public_role.yaml | 14 +
.../templates/rbac/public_role_binding.yaml | 15 +
.../0.1.3-alpha.0/templates/rbac/role.yaml | 94 ++++++
.../templates/rbac/role_binding.yaml | 12 +
.../0.1.3-alpha.0/templates/service.yaml | 15 +
.../templates/serviceaccount.yaml | 5 +
.../templates/webhook/mutating.yaml | 85 +++++
.../templates/webhook/validating.yaml | 28 ++
versions/ctrlmesh/0.1.3-alpha.0/values.yaml | 53 ++++
23 files changed, 1251 insertions(+)
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/Chart.yaml
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/README.md
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/templates/NOTES.txt
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/templates/_helpers.tpl
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/templates/configmap.yaml
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/templates/crd/circuitbreakers.yaml
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/templates/crd/managerstates.yaml
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/templates/crd/shardingconfigs.yaml
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/templates/deployment.yaml
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/templates/namespace.yaml
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/leader_election_role.yaml
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/leader_election_role_binding.yaml
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/managerstate_editor_role.yaml
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/managerstate_viewer_role.yaml
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/public_role.yaml
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/public_role_binding.yaml
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/role.yaml
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/role_binding.yaml
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/templates/service.yaml
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/templates/serviceaccount.yaml
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/templates/webhook/mutating.yaml
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/templates/webhook/validating.yaml
create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/values.yaml
diff --git a/versions/ctrlmesh/0.1.3-alpha.0/Chart.yaml b/versions/ctrlmesh/0.1.3-alpha.0/Chart.yaml
new file mode 100644
index 0000000..39658a9
--- /dev/null
+++ b/versions/ctrlmesh/0.1.3-alpha.0/Chart.yaml
@@ -0,0 +1,9 @@
+apiVersion: v1
+name: ctrlmesh
+description: Helm chart for Controller-Mesh components
+version: 0.1.2
+appVersion: 0.1.2
+
+home: https://KusionStack.io
+sources:
+ - https://github.com/KusionStack/controllermesh
\ No newline at end of file
diff --git a/versions/ctrlmesh/0.1.3-alpha.0/README.md b/versions/ctrlmesh/0.1.3-alpha.0/README.md
new file mode 100644
index 0000000..e69de29
diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/NOTES.txt b/versions/ctrlmesh/0.1.3-alpha.0/templates/NOTES.txt
new file mode 100644
index 0000000..84a36a4
--- /dev/null
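Review bot: `version: 0.1.2` and `appVersion: 0.1.2` in Chart.yaml do not match the directory `versions/ctrlmesh/0.1.3-alpha.0/` or the commit subject, so the packaged chart would identify itself as 0.1.2 and an operator could not tell from the release metadata which set of RBAC and webhook manifests is installed. If this directory is meant to be the 0.1.3-alpha.0 release, set `version: 0.1.3-alpha.0` and, assuming the manager image follows the same numbering, `appVersion: "0.1.3-alpha.0"` (quoted, so it is always read as a string).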
+++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/NOTES.txt
@@ -0,0 +1 @@
+Welcome! ^_^
\ No newline at end of file
diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/_helpers.tpl b/versions/ctrlmesh/0.1.3-alpha.0/templates/_helpers.tpl
new file mode 100644
index 0000000..140fe6b
--- /dev/null
+++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "myctrlmesh.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "myctrlmesh.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "myctrlmesh.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "myctrlmesh.labels" -}}
+helm.sh/chart: {{ include "myctrlmesh.chart" . }}
+{{ include "myctrlmesh.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "myctrlmesh.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "myctrlmesh.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "myctrlmesh.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "myctrlmesh.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/configmap.yaml b/versions/ctrlmesh/0.1.3-alpha.0/templates/configmap.yaml
new file mode 100644
index 0000000..dc36043
--- /dev/null
+++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/configmap.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+data:
+ resource-config: |
+ {{- toYaml .Values.shardingGroupVersionKinds | nindent 4 }}
+kind: ConfigMap
+metadata:
+ name: ctrlmesh-sharding-resource
+ namespace: {{ .Values.namespace }}
\ No newline at end of file
diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/crd/circuitbreakers.yaml b/versions/ctrlmesh/0.1.3-alpha.0/templates/crd/circuitbreakers.yaml
new file mode 100644
index 0000000..d599d04
--- /dev/null
+++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/crd/circuitbreakers.yaml
@@ -0,0 +1,296 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + name: circuitbreakers.ctrlmesh.kusionstack.io +spec: + group: ctrlmesh.kusionstack.io + names: + kind: CircuitBreaker + listKind: CircuitBreakerList + plural: circuitbreakers + shortNames: + - cbk + singular: circuitbreaker + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CircuitBreaker is the Schema for the circuitbreakers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CircuitBreakerSpec defines the desired state of CircuitBreaker + properties: + rateLimitings: + description: RateLimitings defines the limit policies + items: + description: Limiting defines the limit policy + properties: + bucket: + description: Bucket defines the whole token bucket of the policy + properties: + burst: + description: Burst is the max token number of the bucket + format: int32 + type: integer + interval: + description: 'Interval is the time interval of the limiting + policy, in format of time like: 1h, 3m, 5s.' + type: string + limit: + description: Limit is the token number of the limiting policy. 
+ format: int32 + type: integer + required: + - burst + - interval + - limit + type: object + name: + description: Name is the name of the policy + type: string + properties: + additionalProperties: + type: string + description: 'ValidatePolicy determine the opportunity to validate + req ValidatePolicy ValidatePolicy `json:"validatePolicy,omitempty"` + Properties defines the additional properties of the policy, + like: SleepingWindowSize' + type: object + recoverPolicy: + description: RecoverPolicy defines how the circuit-breaking + policy recovered from 'Opened' to 'Closed' + properties: + sleepingWindowSize: + type: string + type: + type: string + required: + - type + type: object + resourceRules: + description: ResourceRules defines the target k8s resource of + the limiting policy + items: + description: ResourceRule defines the target k8s resource + of the limiting policy + properties: + apiGroups: + description: APIGroups is the name of the APIGroup that + contains the resources. If multiple API groups are + specified, any action requested against one of the enumerated + resources in any API group will be allowed. "*" means + all. + items: + type: string + type: array + namespaces: + description: Namespaces is a list of namespaces the rule + applies to. "*" means all. + items: + type: string + type: array + resources: + description: Resources is a list of resources this rule + applies to. "*" means all in the specified apiGroups. + "*/foo" represents the subresource 'foo' for all resources + in the specified apiGroups. + items: + type: string + type: array + verbs: + description: 'Verb is a list of kubernetes resource API + verbs, like: get, list, watch, create, update, delete, + proxy. "*" means all.' 
+ items: + type: string + type: array + required: + - apiGroups + - resources + - verbs + type: object + type: array + restRules: + description: RestRules defines the target rest resource of the + limiting policy + items: + description: RestRule defines the target rest resource of + the limiting policy + properties: + method: + description: 'Method specifies the http method of the + request, like: PUT, POST, GET, DELETE.' + type: string + url: + description: URL gives the location of the rest request, + in standard URL form (`scheme://host:port/path`) + type: string + required: + - method + - url + type: object + type: array + triggerPolicy: + description: TriggerPolicy defines how the circuit-breaking + policy triggered from 'Closed' to 'Opened' + type: string + required: + - bucket + - name + - triggerPolicy + type: object + type: array + selector: + description: Selector is a label query over pods of this application. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. 
A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + trafficInterceptRules: + description: TrafficInterceptRules defines the traffic rules + items: + description: TrafficInterceptRule defines the traffic intercept + rule + properties: + contentType: + description: ContentType is the content type of the traffic + rule + type: string + contents: + description: Content is the content of the traffic rule + items: + type: string + type: array + interceptType: + description: InterceptType is the intercept type of the traffic + rule + type: string + methods: + description: 'Method specifies the http method of the request, + like: PUT, POST, GET, DELETE.' + items: + type: string + type: array + name: + description: Name is the name of the traffic rule + type: string + required: + - contentType + - contents + - interceptType + - methods + - name + type: object + type: array + required: + - selector + type: object + status: + description: CircuitBreakerStatus defines the observed state of CircuitBreaker + properties: + currentSpecHash: + type: string + lastUpdatedTime: + format: date-time + type: string + observedGeneration: + format: int64 + type: integer + targetStatus: + items: + properties: + configHash: + type: string + limitingSnapshots: + items: + description: LimitingSnapshot defines the snapshot of the + whole limiting policy + properties: + lastTransitionTime: + description: LastTransitionTime is the last time that + the status changed + format: date-time + type: string + name: + description: Name specifies the name of the policy + type: string + state: + description: Status is the status of the circuit breaker, + which may be 'Opened' or 'Closed'. 
+ type: string + required: + - name + - state + type: object + type: array + message: + type: string + podIP: + type: string + podName: + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/crd/managerstates.yaml b/versions/ctrlmesh/0.1.3-alpha.0/templates/crd/managerstates.yaml new file mode 100644 index 0000000..6e76a77 --- /dev/null +++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/crd/managerstates.yaml 
@@ -0,0 +1,74 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + name: managerstates.ctrlmesh.kusionstack.io +spec: + group: ctrlmesh.kusionstack.io + names: + kind: ManagerState + listKind: ManagerStateList + plural: managerstates + singular: managerstate + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ManagerState is the Schema for the managerstates API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ManagerStateSpec defines the desired state of ManagerState + type: object + status: + description: ManagerStateStatus defines the observed state of ManagerState + properties: + endpoints: + items: + properties: + leader: + type: boolean + name: + type: string + podIP: + type: string + required: + - leader + - name + - podIP + type: object + type: array + namespace: + type: string + ports: + properties: + grpcLeaderElectionPort: + type: integer + grpcNonLeaderElectionPort: + type: integer + type: object + updateTimestamp: + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} 
diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/crd/shardingconfigs.yaml b/versions/ctrlmesh/0.1.3-alpha.0/templates/crd/shardingconfigs.yaml
new file mode 100644
index 0000000..1d3023c
--- /dev/null
+++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/crd/shardingconfigs.yaml
@@ -0,0 +1,294 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + name: shardingconfigs.ctrlmesh.kusionstack.io +spec: + group: ctrlmesh.kusionstack.io + names: + kind: ShardingConfig + listKind: ShardingConfigList + plural: shardingconfigs + shortNames: + - shard + singular: shardingconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ShardingConfig is the Schema for the ShardingConfigs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ShardingConfigSpec defines the desired state of ShardingConfig + properties: + controller: + description: ShardingConfigControllerConfiguration defines the configuration + of controller in this application. + properties: + leaderElectionName: + type: string + required: + - leaderElectionName + type: object + limits: + items: + properties: + relateResources: + items: + properties: + apiGroups: + items: + type: string + type: array + resources: + items: + type: string + type: array + type: object + type: array + selector: + description: A label selector is a label query over a set of + resources. The result of matchLabels and matchExpressions + are ANDed. 
An empty label selector matches all objects. A + null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + root: + properties: + auto: + description: Auto is config to automatically generate child ShardingConfig + properties: + everyShardReplicas: + type: integer + shardingSize: + type: integer + required: + - everyShardReplicas + - shardingSize + type: object + canary: + description: Canary is canary shard config + properties: + inNamespaces: + items: + type: string + type: array + inShardHash: + items: + type: string + type: array + replicas: + type: integer + required: + - replicas + type: object + disable: + type: boolean + prefix: + type: string + resourceSelector: + items: + properties: + relateResources: + items: + properties: + apiGroups: + items: + type: string + type: array + resources: + items: + type: string + type: array + type: object + type: array + selector: + description: A label selector is a label query over a set + of resources. The result of matchLabels and matchExpressions + are ANDed. An empty label selector matches all objects. + A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. 
+ items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + targetStatefulSet: + type: string + required: + - prefix + - targetStatefulSet + type: object + selector: + description: Selector is a label query over pods of this configuration. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + webhook: + description: ShardingConfigWebhookConfiguration defines the configuration + of webhook in this application. + properties: + certDir: + type: string + port: + type: integer + required: + - certDir + - port + type: object + type: object + status: + description: ShardingConfigStatus defines the observed state of ShardingConfig + properties: + root: + properties: + childShardingConfigs: + items: + type: string + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/deployment.yaml b/versions/ctrlmesh/0.1.3-alpha.0/templates/deployment.yaml new file mode 100644 index 0000000..7795217 --- /dev/null +++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/deployment.yaml 
@@ -0,0 +1,85 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ ctrlmesh.kusionstack.io/ignore-webhook: 'true'
+ name: ctrlmesh
+ namespace: {{ .Values.namespace }}
+spec:
+ replicas: {{ .Values.manager.replicas }}
+ revisionHistoryLimit: 10
+ selector:
+ matchLabels:
+ control-plane: ctrlmesh
+ strategy:
+ rollingUpdate:
+ maxSurge: 1
+ maxUnavailable: 1
+ type: RollingUpdate
+ template:
+ metadata:
+ labels:
+ control-plane: ctrlmesh
+ ctrlmesh.kusionstack.io/ignore-webhook: 'true'
+ ctrlmesh.kusionstack.io/watching: 'true'
+ spec:
+ containers:
+ - args:
+ - --logtostderr=true
+ - --v=4
+ - --leader-election-namespace={{ .Values.namespace }}
+ - --proxy-image={{ .Values.proxy.image.repo }}:{{ .Values.proxy.image.tag }}
+ - --proxy-cpu={{ .Values.proxy.resources.cpu }}
+ - --proxy-memory={{ .Values.proxy.resources.memory }}
+ - --proxy-image-pull-policy={{ .Values.proxy.image.pullPolicy }}
+ command:
+ - /ctrlmesh-manager
+ env:
+ - name: POD_NAMESPACE
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.namespace
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ apiVersion: v1
+ fieldPath: metadata.name
+ - name: ENABLE_WEBHOOK_SERVER
+ value: 'true'
+ - name: WEBHOOK_CERT_WRITER
+ value: secret
+ - name: WATCH_ON_LIMIT
+ value: 'true'
+ image: {{ .Values.manager.image.repo }}:{{ .Values.manager.image.tag }}
+ imagePullPolicy: {{ .Values.manager.image.pullPolicy }}
+ livenessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /healthz
+ port: 8081
+ scheme: HTTP
+ initialDelaySeconds: 15
+ periodSeconds: 20
+ successThreshold: 1
+ timeoutSeconds: 1
+ name: manager
+ readinessProbe:
+ failureThreshold: 3
+ httpGet:
+ path: /delay
+ port: 8083
+ scheme: HTTP
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ successThreshold: 1
+ timeoutSeconds: 2
+ resources:
+ {{- toYaml .Values.manager.resources | nindent 12 }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ dnsPolicy: ClusterFirst
+ serviceAccount: ctrlmesh-serviceaccount
+ serviceAccountName: ctrlmesh-serviceaccount
\ No newline at end of file
diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/namespace.yaml b/versions/ctrlmesh/0.1.3-alpha.0/templates/namespace.yaml
new file mode 100644
index 0000000..f55e183
--- /dev/null
+++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/namespace.yaml
@@ -0,0 +1,6 @@
+{{- if .Values.namespaceEnabled -}}
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ .Values.namespace }}
+{{- end }}
\ No newline at end of file
diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/leader_election_role.yaml b/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/leader_election_role.yaml
new file mode 100644
index 0000000..eba124e
--- /dev/null
+++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/leader_election_role.yaml
@@ -0,0 +1,38 @@
+# permissions to do leader election.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: leader-election-role
+ namespace: {{ .Values.namespace }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - configmaps
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - coordination.k8s.io
+ resources:
+ - leases
+ verbs:
+ - get
+ - list
+ - watch
+ - create
+ - update
+ - patch
+ - delete
+- apiGroups:
+ - ""
+ resources:
+ - events
+ verbs:
+ - create
+ - patch
diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/leader_election_role_binding.yaml b/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/leader_election_role_binding.yaml
new file mode 100644
index 0000000..d2db064
--- /dev/null
+++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/leader_election_role_binding.yaml
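Review bot: The manager container's `securityContext` in deployment.yaml sets only `allowPrivilegeEscalation: false`, so the pod that carries the `ctrlmesh-serviceaccount` token (bound to a ClusterRole elsewhere in this patch) still runs as whatever user the image defaults to, with default capabilities and no seccomp profile. I would add `runAsNonRoot`, drop all capabilities and select the `RuntimeDefault` seccomp profile as below, provided the image does not need root. `readOnlyRootFilesystem: true` is worth adding as well if the manager keeps its webhook certificate in a Secret, as `WEBHOOK_CERT_WRITER: secret` suggests, and not on local disk. Separately, `--v=4` is hard-coded in `args`; taking the log level from values would avoid shipping debug verbosity by default.

```yaml
        # … unchanged: args, command, env, image, probes, resources …
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          capabilities:
            drop:
            - ALL
          seccompProfile:
            type: RuntimeDefault
```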
@@ -0,0 +1,13 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: ctrlmesh-leader-election-rolebinding
+ namespace: {{ .Values.namespace }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: leader-election-role
+subjects:
+- kind: ServiceAccount
+ name: ctrlmesh-serviceaccount
+ namespace: {{ .Values.namespace }}
diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/managerstate_editor_role.yaml b/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/managerstate_editor_role.yaml
new file mode 100644
index 0000000..ce51d6e
--- /dev/null
+++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/managerstate_editor_role.yaml
@@ -0,0 +1,24 @@
+# permissions for end users to edit managerstates.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: managerstate-editor-role
+rules:
+- apiGroups:
+ - ctrlmesh.kusionstack.io
+ resources:
+ - managerstates
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ctrlmesh.kusionstack.io
+ resources:
+ - managerstates/status
+ verbs:
+ - get
diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/managerstate_viewer_role.yaml b/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/managerstate_viewer_role.yaml
new file mode 100644
index 0000000..fda2de2
--- /dev/null
+++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/managerstate_viewer_role.yaml
@@ -0,0 +1,20 @@
+# permissions for end users to view managerstates.
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: managerstate-viewer-role
+rules:
+- apiGroups:
+ - ctrlmesh.kusionstack.io
+ resources:
+ - managerstates
+ verbs:
+ - get
+ - list
+ - watch
+- apiGroups:
+ - ctrlmesh.kusionstack.io
+ resources:
+ - managerstates/status
+ verbs:
+ - get
diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/public_role.yaml b/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/public_role.yaml
new file mode 100644
index 0000000..d082b45
--- /dev/null
+++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/public_role.yaml
@@ -0,0 +1,14 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: ctrlmesh-public-role
+rules:
+- apiGroups:
+ - ctrlmesh.kusionstack.io
+ resources:
+ - managerstates
+ - trafficpolicies
+ verbs:
+ - get
+ - list
+ - watch
diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/public_role_binding.yaml b/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/public_role_binding.yaml
new file mode 100644
index 0000000..98f4e98
--- /dev/null
+++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/public_role_binding.yaml
@@ -0,0 +1,15 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: ctrlmesh-public-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: ctrlmesh-public-role
+subjects:
+- apiGroup: rbac.authorization.k8s.io
+ kind: Group
+ name: system:authenticated
+- apiGroup: rbac.authorization.k8s.io
+ kind: Group
+ name: system:unauthenticated
diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/role.yaml b/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/role.yaml
new file mode 100644
index 0000000..e3f0712
--- /dev/null
+++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/role.yaml
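Review bot: The `system:unauthenticated` subject in public_role_binding.yaml gives anonymous API clients cluster-wide `get`/`list`/`watch` on `managerstates`, whose status (per the CRD added in this patch) carries manager pod names, pod IPs, the namespace and the gRPC ports. Unless some component really talks to the API server without credentials, drop the last subject (`- apiGroup: rbac.authorization.k8s.io`, `kind: Group`, `name: system:unauthenticated`) and keep `system:authenticated`, or narrow the binding further to the service accounts that need the read. `ctrlmesh-public-role` in public_role.yaml also lists `trafficpolicies`, for which the visible files of this patch add no CRD; if that is a leftover it should go, so the role does not pre-authorize a resource that may be defined later.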
@@ -0,0 +1,94 @@
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ creationTimestamp: null
+ name: ctrlmesh-kusionstack-role
+rules:
+- apiGroups:
+ - '*'
+ resources:
+ - configmaps
+ - controllerrevisions
+ - deployments
+ - endpoints
+ - persistentvolumeclaims
+ - pods
+ - services
+ - statefulsets
+ - events
+ verbs:
+ - '*'
+- apiGroups:
+ - admissionregistration.k8s.io
+ resources:
+ - mutatingwebhookconfigurations
+ - validatingwebhookconfigurations
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+ - delete
+- apiGroups:
+ - apps
+ resources:
+ - ""
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ verbs:
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ctrlmesh.kusionstack.io
+ resources:
+ - managerstates
+ - managerstates/finalizers
+ verbs:
+ - create
+ - delete
+ - get
+ - list
+ - patch
+ - update
+ - watch
+- apiGroups:
+ - ctrlmesh.kusionstack.io
+ resources:
+ - '*'
+ - '*/status'
+ verbs:
+ - '*'
+- apiGroups:
+ - apps.kusionstack.io
+ resources:
+ - '*'
+ verbs:
+ - '*'
\ No newline at end of file
diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/role_binding.yaml b/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/role_binding.yaml
new file mode 100644
index 0000000..abddd4a
--- /dev/null
+++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/rbac/role_binding.yaml
@@ -0,0 +1,12 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: ctrlmesh-rolebinding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: ctrlmesh-kusionstack-role
+subjects:
+- kind: ServiceAccount
+ name: ctrlmesh-serviceaccount
+ namespace: {{ .Values.namespace }}
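Review bot: `ctrlmesh-kusionstack-role` is much broader than least privilege: its first rule combines `apiGroups: '*'` with `verbs: '*'`, and a later rule gives create/delete/read/write on `secrets`, all of it cluster-wide because `role_binding.yaml` attaches the role to `ctrlmesh-serviceaccount` through a ClusterRoleBinding. A compromise of the manager pod would therefore expose every Secret in the cluster; if the manager only needs its own webhook certificate (inferred, confirm), move the `secrets` rule into a namespaced Role bound in `{{ .Values.namespace }}` and replace the wildcards with the concrete groups and verbs it uses. Separately, the `apps` rule lists `resources: - ""`, which matches no resource, so that rule grants nothing; it probably meant the workload resources such as `deployments` and `statefulsets`. `creationTimestamp: null` is generator residue and can be dropped.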
diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/service.yaml b/versions/ctrlmesh/0.1.3-alpha.0/templates/service.yaml
new file mode 100644
index 0000000..226e1d9
--- /dev/null
+++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/service.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ ctrlmesh.kusionstack.io/ignore-webhook: "true"
+ name: ctrlmesh-webhook-service
+ namespace: {{ .Values.namespace }}
+spec:
+ ports:
+ - port: 443
+ protocol: TCP
+ targetPort: 9443
+ selector:
+ control-plane: ctrlmesh
+ type: NodePort
\ No newline at end of file
diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/serviceaccount.yaml b/versions/ctrlmesh/0.1.3-alpha.0/templates/serviceaccount.yaml
new file mode 100644
index 0000000..8506ff2
--- /dev/null
+++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/serviceaccount.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: ctrlmesh-serviceaccount
+ namespace: {{ .Values.namespace }}
\ No newline at end of file
diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/webhook/mutating.yaml b/versions/ctrlmesh/0.1.3-alpha.0/templates/webhook/mutating.yaml
new file mode 100644
index 0000000..400c237
--- /dev/null
+++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/webhook/mutating.yaml
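Review bot: `type: NodePort` on `ctrlmesh-webhook-service` publishes the admission endpoint on a port of every node's address, although the API server reaches a service-backed webhook through the Service itself and needs no node-level exposure. Unless something outside the cluster must call this endpoint, change the line to `type: ClusterIP` (or omit `type`) so the webhook is not reachable from the node network. If NodePort is required for a particular environment, make it a value with a ClusterIP default and note the reason in a comment above `type`.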
@@ -0,0 +1,85 @@
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: MutatingWebhookConfiguration
+metadata:
+ name: ctrlmesh-mutating
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: ctrlmesh-webhook-service
+ namespace: {{ .Values.namespace }}
+ path: /mutate-namespace
+ port: 443
+ failurePolicy: Ignore
+ name: namesapace.ctrlmesh.mutating.io
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ resources:
+ - namespaces
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: ctrlmesh-webhook-service
+ namespace: {{ .Values.namespace }}
+ path: /mutate-pod
+ port: 443
+ failurePolicy: Ignore
+ name: pod.ctrlmesh.mutating.io
+ rules:
+ - apiGroups:
+ - ""
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ resources:
+ - pods
+ sideEffects: None
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: ctrlmesh-webhook-service
+ namespace: {{ .Values.namespace }}
+ path: /mutate-resource
+ port: 443
+ failurePolicy: Ignore
+ name: resource.ctrlmesh.mutating.io
+ rules:
+ - apiGroups:
+ - apps.kusionstack.io
+ apiVersions:
+ - "*"
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - "*"
+ - apiGroups:
+ - ""
+ apiVersions:
+ - v1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - pods
+ - services
+ - statefulsets
+ - controllerrevisions
+ - configmaps
+ - persistentvolumeclaims
+ - endpoints
+ sideEffects: None
diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/webhook/validating.yaml b/versions/ctrlmesh/0.1.3-alpha.0/templates/webhook/validating.yaml
new file mode 100644
index 0000000..9029a34
--- /dev/null
+++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/webhook/validating.yaml
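Review bot: `resource.ctrlmesh.mutating.io` has no `namespaceSelector`, `objectSelector` or `timeoutSeconds`, so every CREATE and UPDATE of pods, services, configmaps, persistentvolumeclaims and endpoints in every namespace, system namespaces included, is sent to `ctrlmesh-webhook-service` and waits on the default timeout. That puts the manager on the write path of the whole cluster and lets it see and rewrite objects it has no reason to handle; scope the webhook with a selector and add a bounded timeout such as `timeoutSeconds: 5` (value to be tuned). `failurePolicy: Ignore` on all three webhooks also means a manager outage silently admits objects unmodified, which deserves a comment stating that this is intended. The first webhook's name is misspelled, `namesapace.ctrlmesh.mutating.io`; correct it to `namespace.ctrlmesh.mutating.io` now, since the name is what appears in API-server audit annotations and metrics.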
@@ -0,0 +1,28 @@
+
+apiVersion: admissionregistration.k8s.io/v1
+kind: ValidatingWebhookConfiguration
+metadata:
+ name: ctrlmesh-validating
+webhooks:
+- admissionReviewVersions:
+ - v1
+ - v1beta1
+ clientConfig:
+ service:
+ name: ctrlmesh-webhook-service
+ namespace: {{ .Values.namespace }}
+ path: /validate-ctrlmesh-shardingconfig
+ port: 443
+ failurePolicy: Fail
+ name: shardingconfigs.ctrlmesh.validating.io
+ rules:
+ - apiGroups:
+ - ctrlmesh.kusionstack.io
+ apiVersions:
+ - v1alpha1
+ operations:
+ - CREATE
+ - UPDATE
+ resources:
+ - shardingconfigs
+ sideEffects: None
diff --git a/versions/ctrlmesh/0.1.3-alpha.0/values.yaml b/versions/ctrlmesh/0.1.3-alpha.0/values.yaml
new file mode 100644
index 0000000..5ba1aa4
--- /dev/null
+++ b/versions/ctrlmesh/0.1.3-alpha.0/values.yaml
@@ -0,0 +1,53 @@
+# Default values for Controller Mesh.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+namespace: ctrlmesh
+namespaceEnabled: true
+
+manager:
+ replicas: 2
+ image:
+ repo: kusionstack/ctrlmesh-manager
+ pullPolicy: IfNotPresent
+ tag: v0.1.2
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 10m
+ memory: 64Mi
+
+proxy:
+ image:
+ repo: kusionstack/ctrlmesh-proxy
+ pullPolicy: IfNotPresent
+ tag: v0.1.2
+ resources:
+ cpu: 100m
+ memory: 100Mi
+
+init:
+ image:
+ repo: kusionstack/ctrlmesh-init
+ tag: v0.1.2
+
+shardingGroupVersionKinds:
+ groupVersionKinds:
+ ctrlmesh.kusionstack.io/v1alpha1:
+ - '*'
+ appps.kusionstack.io/v1alpha1:
+ - '*'
+ v1:
+ - Pod
+ - PersistentVolumeClaim
+ - Service
+ - ConfigMap
+ - Endpoint
+ apps/v1:
+ - StatefulSet
+ - ReplicaSet
+ - ControllerRevision
+
+
From 1e2b6c9b9092ee24029c7156510e17c40ef7c986 Mon Sep 17 00:00:00 2001
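Review bot: Under `shardingGroupVersionKinds.groupVersionKinds` in `values.yaml` the key `appps.kusionstack.io/v1alpha1` is spelled with three p's, while the ClusterRole and the mutating webhook in this patch use `apps.kusionstack.io`; if the manager matches on the group string (inferred), resources of that group are never covered by sharding. The same list names `Endpoint`, but the core/v1 kind is `Endpoints`, so that entry may not match either. I would change the two lines to `apps.kusionstack.io/v1alpha1:` and `- Endpoints`. The images are referenced by mutable tag only; allowing a digest to be pinned would make the deployed manager, proxy and init images verifiable.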
From: Chaer Date: Tue, 16 Jan 2024 17:19:55 +0800 Subject: [PATCH 2/2] config ctrlmesh v0.1.3-alpha.0 --- charts/ctrlmesh | 2 +- versions/ctrlmesh/0.1.3-alpha.0/Chart.yaml | 4 +- .../templates/crd/circuitbreakers.yaml | 2 +- .../templates/crd/faultinjection.yaml | 235 ++++++++++++++++++ .../templates/crd/managerstates.yaml | 1 - .../templates/webhook/mutating.yaml | 24 +- versions/ctrlmesh/0.1.3-alpha.0/values.yaml | 8 +- 7 files changed, 263 insertions(+), 13 deletions(-) create mode 100644 versions/ctrlmesh/0.1.3-alpha.0/templates/crd/faultinjection.yaml diff --git a/charts/ctrlmesh b/charts/ctrlmesh index 264d7fe..87cad07 120000 --- a/charts/ctrlmesh +++ b/charts/ctrlmesh @@ -1 +1 @@ -../versions/ctrlmesh/0.1.2 \ No newline at end of file +../versions/ctrlmesh/0.1.3-alpha.0 \ No newline at end of file diff --git a/versions/ctrlmesh/0.1.3-alpha.0/Chart.yaml b/versions/ctrlmesh/0.1.3-alpha.0/Chart.yaml index 39658a9..24effb4 100644 --- a/versions/ctrlmesh/0.1.3-alpha.0/Chart.yaml +++ b/versions/ctrlmesh/0.1.3-alpha.0/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: ctrlmesh description: Helm chart for Controller-Mesh components -version: 0.1.2 -appVersion: 0.1.2 +version: 0.1.3-alpha.0 +appVersion: 0.1.3-alpha.0 home: https://KusionStack.io sources: diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/crd/circuitbreakers.yaml b/versions/ctrlmesh/0.1.3-alpha.0/templates/crd/circuitbreakers.yaml index d599d04..58680b1 100644 --- a/versions/ctrlmesh/0.1.3-alpha.0/templates/crd/circuitbreakers.yaml +++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/crd/circuitbreakers.yaml @@ -1,4 +1,3 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition @@ -124,6 +123,7 @@ spec: type: array required: - apiGroups + - namespaces - resources - verbs type: object diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/crd/faultinjection.yaml b/versions/ctrlmesh/0.1.3-alpha.0/templates/crd/faultinjection.yaml new file mode 100644 index 0000000..45841d0 --- /dev/null 
+++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/crd/faultinjection.yaml 
@@ -0,0 +1,235 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + name: faultinjections.ctrlmesh.kusionstack.io +spec: + group: ctrlmesh.kusionstack.io + names: + kind: FaultInjection + listKind: FaultInjectionList + plural: faultinjections + shortNames: + - fj + singular: faultinjection + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + properties: + disabled: + type: boolean + httpFault: + items: + description: HTTPFaultInjection can be used to specify one or more + faults to inject while forwarding HTTP requests to the destination + specified in a route. + properties: + abort: + description: Abort Http request attempts and return error codes + back to downstream service, giving the impression that the + upstream service is faulty. + properties: + httpStatus: + description: HttpStatus is used to indicate the HTTP status + code to return to the caller. + type: integer + percent: + description: Percent of requests to be aborted with the + error code provided. If not specified, no request will + be aborted. 
+ type: string + type: object + delay: + description: Delay requests before forwarding, emulating various + failures such as network issues, overloaded upstream service, + etc. + properties: + fixedDelay: + description: FixedDelay is used to indicate the amount of + delay in seconds. + type: string + percent: + description: Percent of requests on which the delay will + be injected. If left unspecified, no request will be delayed + type: string + type: object + effectiveTime: + description: Effective time of fault injection + properties: + daysOfMonth: + description: DaysOfMonth specifies on which days of the + month the fault injection configuration is effective. + For example, 1 represents the first day of the month, + and so on. + items: + type: integer + type: array + daysOfWeek: + description: DaysOfWeek specifies on which days of the week + the fault injection configuration is effective. 0 represents + Sunday, 1 represents Monday, and so on. + items: + type: integer + type: array + endTime: + description: EndTime is the ending time of fault injection. + type: string + months: + description: Months specifies in which months of the year + the fault injection configuration is effective. 1 represents + January, 2 represents February, and so on. + items: + type: integer + type: array + startTime: + description: StartTime is the starting time of fault injection. + type: string + type: object + match: + description: Match specifies a set of criterion to be met in + order for the rule to be applied to the HTTP request. + properties: + httpMatch: + items: + description: HttpMatch specifies the criteria for matching + HTTP requests to RESTful resources as part of HTTP FaultInjection. + Each rule can target one or more URLs and HTTP methods. + properties: + method: + description: 'Method specifies the http method of + the request, like: PUT, POST, GET, DELETE.' 
+ items: + type: string + type: array + url: + description: URL gives the location of the rest request, + in standard URL form (`scheme://host:port/path`) + items: + type: string + type: array + required: + - method + - url + type: object + type: array + resources: + items: + properties: + apiGroups: + items: + type: string + type: array + namespaces: + items: + type: string + type: array + resources: + items: + type: string + type: array + verbs: + items: + type: string + type: array + type: object + type: array + type: object + name: + description: Name is the name of the policy + type: string + type: object + type: array + selector: + description: Selector is a label query over pods of this configuration. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. 
+ type: object + type: object + x-kubernetes-map-type: atomic + type: object + status: + properties: + currentSpecHash: + type: string + lastUpdatedTime: + format: date-time + type: string + observedGeneration: + format: int64 + type: integer + targetStatus: + items: + properties: + configHash: + type: string + message: + type: string + podIP: + type: string + podName: + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/crd/managerstates.yaml b/versions/ctrlmesh/0.1.3-alpha.0/templates/crd/managerstates.yaml index 6e76a77..ec2c054 100644 --- a/versions/ctrlmesh/0.1.3-alpha.0/templates/crd/managerstates.yaml +++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/crd/managerstates.yaml @@ -1,4 +1,3 @@ - --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition diff --git a/versions/ctrlmesh/0.1.3-alpha.0/templates/webhook/mutating.yaml b/versions/ctrlmesh/0.1.3-alpha.0/templates/webhook/mutating.yaml index 400c237..a1a852f 100644 --- a/versions/ctrlmesh/0.1.3-alpha.0/templates/webhook/mutating.yaml +++ b/versions/ctrlmesh/0.1.3-alpha.0/templates/webhook/mutating.yaml @@ -34,8 +34,14 @@ webhooks: namespace: {{ .Values.namespace }} path: /mutate-pod port: 443 - failurePolicy: Ignore + failurePolicy: Fail name: pod.ctrlmesh.mutating.io + objectSelector: + matchExpressions: + - key: ctrlmesh.kusionstack.io/enable-proxy + operator: In + values: + - "true" rules: - apiGroups: - "" @@ -77,9 +83,19 @@ webhooks: resources: - pods - services - - statefulsets - - controllerrevisions - configmaps - persistentvolumeclaims - endpoints - sideEffects: None + - apiGroups: + - apps + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - deployments + - replicasets + - statefulsets + - controllerrevisions + sideEffects: None \ No newline at end of file 
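Review bot: The new `objectSelector` on `pod.ctrlmesh.mutating.io` makes injection opt-in by a label the pod's creator controls, so a pod without `ctrlmesh.kusionstack.io/enable-proxy: "true"` is never sent to `/mutate-pod`; if the proxy is meant as an enforcement point rather than a convenience, that bypass should be stated in a comment above the selector, e.g. `# opt-in: pods without enable-proxy=true are never mutated`. With `failurePolicy: Fail`, labelled pods also cannot be created while the webhook backend is unreachable, so add a bounded `timeoutSeconds: 5` (value to be tuned) and a `namespaceSelector` that excludes the chart's own namespace, in case manager pods ever carry the label. The later hunk in this file (`@@ -77,9 +83,19 @@`) widens `/mutate-resource` to `deployments`, `replicasets`, `statefulsets` and `controllerrevisions` in `apps` with no selector, and the same scoping applies there. Both webhook entries start above their hunks, so any fields set earlier in the entry are not visible here.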
diff --git a/versions/ctrlmesh/0.1.3-alpha.0/values.yaml b/versions/ctrlmesh/0.1.3-alpha.0/values.yaml index 5ba1aa4..2689fc1 100644 --- a/versions/ctrlmesh/0.1.3-alpha.0/values.yaml +++ b/versions/ctrlmesh/0.1.3-alpha.0/values.yaml @@ -10,7 +10,7 @@ manager: image: repo: kusionstack/ctrlmesh-manager pullPolicy: IfNotPresent - tag: v0.1.2 + tag: v0.1.3-alpha.0 resources: limits: cpu: 500m @@ -23,15 +23,15 @@ proxy: image: repo: kusionstack/ctrlmesh-proxy pullPolicy: IfNotPresent - tag: v0.1.2 + tag: v0.1.3-alpha.0 resources: cpu: 100m - memory: 100Mi + memory: 128Mi init: image: repo: kusionstack/ctrlmesh-init - tag: v0.1.2 + tag: v0.1.3-alpha.0 shardingGroupVersionKinds: groupVersionKinds: