diff --git a/.github/workflows/lint-anf-test.yaml b/.github/workflows/lint-anf-test.yaml index 9cc32ca..6e10ead 100644 --- a/.github/workflows/lint-anf-test.yaml +++ b/.github/workflows/lint-anf-test.yaml @@ -19,11 +19,12 @@ jobs: - name: Set up python uses: actions/setup-python@v4 with: - python-version: 3.7 + python-version: '3.10' + check-latest: true - name: Setup Chart Linting id: lint - uses: helm/chart-testing-action@v2.4.0 + uses: helm/chart-testing-action@v2.6.0 - name: List changed charts id: list-changed @@ -34,6 +35,7 @@ jobs: if [[ -n "$changed" ]]; then echo "::set-output name=changed::true" echo "::set-output name=changed_charts::$charts" + echo "changed=true" >> "$GITHUB_OUTPUT" fi - name: Run chart-testing (lint) run: ct lint --debug --config ./.github/configs/ct-lint.yaml --lint-conf ./.github/configs/lintconf.yaml diff --git a/versions/ctrlmesh/0.1.0/values.yaml b/versions/ctrlmesh/0.1.0/values.yaml index 5e25928..d448f16 100644 --- a/versions/ctrlmesh/0.1.0/values.yaml +++ b/versions/ctrlmesh/0.1.0/values.yaml @@ -34,18 +34,18 @@ init: tag: v0.1.0 shardingGroupVersionKinds: -groupVersionKinds: - ctrlmesh.kusionstack.io/v1alpha1: - - '*' - v1: - - Pod - - PersistentVolumeClaim - - Service - - ConfigMap - - Endpoint - apps/v1: - - StatefulSet - - ReplicaSet - - ControllerRevision + groupVersionKinds: + ctrlmesh.kusionstack.io/v1alpha1: + - '*' + v1: + - Pod + - PersistentVolumeClaim + - Service + - ConfigMap + - Endpoint + apps/v1: + - StatefulSet + - ReplicaSet + - ControllerRevision diff --git a/versions/ctrlmesh/0.1.1/Chart.yaml b/versions/ctrlmesh/0.1.1/Chart.yaml new file mode 100644 index 0000000..3d1fd69 --- /dev/null +++ b/versions/ctrlmesh/0.1.1/Chart.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +name: ctrlmesh +description: Helm chart for Controller-Mesh components +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.1 +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: 0.1.1 + +home: https://KusionStack.io +sources: + - https://github.com/KusionStack/controllermesh \ No newline at end of file diff --git a/versions/ctrlmesh/0.1.1/README.md b/versions/ctrlmesh/0.1.1/README.md new file mode 100644 index 0000000..e69de29 diff --git a/versions/ctrlmesh/0.1.1/templates/NOTES.txt b/versions/ctrlmesh/0.1.1/templates/NOTES.txt new file mode 100644 index 0000000..84a36a4 --- /dev/null +++ b/versions/ctrlmesh/0.1.1/templates/NOTES.txt @@ -0,0 +1 @@ +Welcome! ^_^ \ No newline at end of file diff --git a/versions/ctrlmesh/0.1.1/templates/_helpers.tpl b/versions/ctrlmesh/0.1.1/templates/_helpers.tpl new file mode 100644 index 0000000..140fe6b --- /dev/null +++ b/versions/ctrlmesh/0.1.1/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "myctrlmesh.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "myctrlmesh.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "myctrlmesh.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "myctrlmesh.labels" -}} +helm.sh/chart: {{ include "myctrlmesh.chart" . }} +{{ include "myctrlmesh.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "myctrlmesh.selectorLabels" -}} +app.kubernetes.io/name: {{ include "myctrlmesh.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "myctrlmesh.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "myctrlmesh.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/versions/ctrlmesh/0.1.1/templates/configmap.yaml b/versions/ctrlmesh/0.1.1/templates/configmap.yaml new file mode 100644 index 0000000..dc36043 --- /dev/null +++ b/versions/ctrlmesh/0.1.1/templates/configmap.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + resource-config: | + {{- toYaml .Values.shardingGroupVersionKinds | nindent 4 }} +kind: ConfigMap +metadata: + name: ctrlmesh-sharding-resource + namespace: {{ .Values.namespace }} \ No newline at end of file diff --git a/versions/ctrlmesh/0.1.1/templates/crd/circuitbreakers.yaml b/versions/ctrlmesh/0.1.1/templates/crd/circuitbreakers.yaml new file mode 100644 index 0000000..d599d04 --- /dev/null +++ b/versions/ctrlmesh/0.1.1/templates/crd/circuitbreakers.yaml @@ -0,0 +1,296 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + name: circuitbreakers.ctrlmesh.kusionstack.io +spec: + group: ctrlmesh.kusionstack.io + names: + kind: CircuitBreaker + listKind: CircuitBreakerList + plural: circuitbreakers + shortNames: + - cbk + singular: circuitbreaker + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CircuitBreaker is the Schema for the circuitbreakers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CircuitBreakerSpec defines the desired state of CircuitBreaker + properties: + rateLimitings: + description: RateLimitings defines the limit policies + items: + description: Limiting defines the limit policy + properties: + bucket: + description: Bucket defines the whole token bucket of the policy + properties: + burst: + description: Burst is the max token number of the bucket + format: int32 + type: integer + interval: + description: 'Interval is the time interval of the limiting + policy, in format of time like: 1h, 3m, 5s.' + type: string + limit: + description: Limit is the token number of the limiting policy. + format: int32 + type: integer + required: + - burst + - interval + - limit + type: object + name: + description: Name is the name of the policy + type: string + properties: + additionalProperties: + type: string + description: 'ValidatePolicy determine the opportunity to validate + req ValidatePolicy ValidatePolicy `json:"validatePolicy,omitempty"` + Properties defines the additional properties of the policy, + like: SleepingWindowSize' + type: object + recoverPolicy: + description: RecoverPolicy defines how the circuit-breaking + policy recovered from 'Opened' to 'Closed' + properties: + sleepingWindowSize: + type: string + type: + type: string + required: + - type + type: object + resourceRules: + description: ResourceRules defines the target k8s resource of + the limiting policy + items: + description: ResourceRule defines the target k8s resource + of the limiting policy + properties: + apiGroups: + description: APIGroups is the name of the APIGroup that + contains the resources. If multiple API groups are + specified, any action requested against one of the enumerated + resources in any API group will be allowed. "*" means + all. + items: + type: string + type: array + namespaces: + description: Namespaces is a list of namespaces the rule + applies to. "*" means all. + items: + type: string + type: array + resources: + description: Resources is a list of resources this rule + applies to. "*" means all in the specified apiGroups. + "*/foo" represents the subresource 'foo' for all resources + in the specified apiGroups. + items: + type: string + type: array + verbs: + description: 'Verb is a list of kubernetes resource API + verbs, like: get, list, watch, create, update, delete, + proxy. "*" means all.' + items: + type: string + type: array + required: + - apiGroups + - resources + - verbs + type: object + type: array + restRules: + description: RestRules defines the target rest resource of the + limiting policy + items: + description: RestRule defines the target rest resource of + the limiting policy + properties: + method: + description: 'Method specifies the http method of the + request, like: PUT, POST, GET, DELETE.' + type: string + url: + description: URL gives the location of the rest request, + in standard URL form (`scheme://host:port/path`) + type: string + required: + - method + - url + type: object + type: array + triggerPolicy: + description: TriggerPolicy defines how the circuit-breaking + policy triggered from 'Closed' to 'Opened' + type: string + required: + - bucket + - name + - triggerPolicy + type: object + type: array + selector: + description: Selector is a label query over pods of this application. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + trafficInterceptRules: + description: TrafficInterceptRules defines the traffic rules + items: + description: TrafficInterceptRule defines the traffic intercept + rule + properties: + contentType: + description: ContentType is the content type of the traffic + rule + type: string + contents: + description: Content is the content of the traffic rule + items: + type: string + type: array + interceptType: + description: InterceptType is the intercept type of the traffic + rule + type: string + methods: + description: 'Method specifies the http method of the request, + like: PUT, POST, GET, DELETE.' + items: + type: string + type: array + name: + description: Name is the name of the traffic rule + type: string + required: + - contentType + - contents + - interceptType + - methods + - name + type: object + type: array + required: + - selector + type: object + status: + description: CircuitBreakerStatus defines the observed state of CircuitBreaker + properties: + currentSpecHash: + type: string + lastUpdatedTime: + format: date-time + type: string + observedGeneration: + format: int64 + type: integer + targetStatus: + items: + properties: + configHash: + type: string + limitingSnapshots: + items: + description: LimitingSnapshot defines the snapshot of the + whole limiting policy + properties: + lastTransitionTime: + description: LastTransitionTime is the last time that + the status changed + format: date-time + type: string + name: + description: Name specifies the name of the policy + type: string + state: + description: Status is the status of the circuit breaker, + which may be 'Opened' or 'Closed'. + type: string + required: + - name + - state + type: object + type: array + message: + type: string + podIP: + type: string + podName: + type: string + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/versions/ctrlmesh/0.1.1/templates/crd/managerstates.yaml b/versions/ctrlmesh/0.1.1/templates/crd/managerstates.yaml new file mode 100644 index 0000000..6e76a77 --- /dev/null +++ b/versions/ctrlmesh/0.1.1/templates/crd/managerstates.yaml @@ -0,0 +1,74 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + name: managerstates.ctrlmesh.kusionstack.io +spec: + group: ctrlmesh.kusionstack.io + names: + kind: ManagerState + listKind: ManagerStateList + plural: managerstates + singular: managerstate + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ManagerState is the Schema for the managerstates API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ManagerStateSpec defines the desired state of ManagerState + type: object + status: + description: ManagerStateStatus defines the observed state of ManagerState + properties: + endpoints: + items: + properties: + leader: + type: boolean + name: + type: string + podIP: + type: string + required: + - leader + - name + - podIP + type: object + type: array + namespace: + type: string + ports: + properties: + grpcLeaderElectionPort: + type: integer + grpcNonLeaderElectionPort: + type: integer + type: object + updateTimestamp: + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/versions/ctrlmesh/0.1.1/templates/crd/shardingconfigs.yaml b/versions/ctrlmesh/0.1.1/templates/crd/shardingconfigs.yaml new file mode 100644 index 0000000..1d3023c --- /dev/null +++ b/versions/ctrlmesh/0.1.1/templates/crd/shardingconfigs.yaml @@ -0,0 +1,294 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + name: shardingconfigs.ctrlmesh.kusionstack.io +spec: + group: ctrlmesh.kusionstack.io + names: + kind: ShardingConfig + listKind: ShardingConfigList + plural: shardingconfigs + shortNames: + - shard + singular: shardingconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ShardingConfig is the Schema for the ShardingConfigs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ShardingConfigSpec defines the desired state of ShardingConfig + properties: + controller: + description: ShardingConfigControllerConfiguration defines the configuration + of controller in this application. + properties: + leaderElectionName: + type: string + required: + - leaderElectionName + type: object + limits: + items: + properties: + relateResources: + items: + properties: + apiGroups: + items: + type: string + type: array + resources: + items: + type: string + type: array + type: object + type: array + selector: + description: A label selector is a label query over a set of + resources. The result of matchLabels and matchExpressions + are ANDed. An empty label selector matches all objects. A + null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + root: + properties: + auto: + description: Auto is config to automatically generate child ShardingConfig + properties: + everyShardReplicas: + type: integer + shardingSize: + type: integer + required: + - everyShardReplicas + - shardingSize + type: object + canary: + description: Canary is canary shard config + properties: + inNamespaces: + items: + type: string + type: array + inShardHash: + items: + type: string + type: array + replicas: + type: integer + required: + - replicas + type: object + disable: + type: boolean + prefix: + type: string + resourceSelector: + items: + properties: + relateResources: + items: + properties: + apiGroups: + items: + type: string + type: array + resources: + items: + type: string + type: array + type: object + type: array + selector: + description: A label selector is a label query over a set + of resources. The result of matchLabels and matchExpressions + are ANDed. An empty label selector matches all objects. + A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + targetStatefulSet: + type: string + required: + - prefix + - targetStatefulSet + type: object + selector: + description: Selector is a label query over pods of this configuration. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + webhook: + description: ShardingConfigWebhookConfiguration defines the configuration + of webhook in this application. + properties: + certDir: + type: string + port: + type: integer + required: + - certDir + - port + type: object + type: object + status: + description: ShardingConfigStatus defines the observed state of ShardingConfig + properties: + root: + properties: + childShardingConfigs: + items: + type: string + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/versions/ctrlmesh/0.1.1/templates/deployment.yaml b/versions/ctrlmesh/0.1.1/templates/deployment.yaml new file mode 100644 index 0000000..7795217 --- /dev/null +++ b/versions/ctrlmesh/0.1.1/templates/deployment.yaml @@ -0,0 +1,85 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + ctrlmesh.kusionstack.io/ignore-webhook: 'true' + name: ctrlmesh + namespace: {{ .Values.namespace }} +spec: + replicas: {{ .Values.manager.replicas }} + revisionHistoryLimit: 10 + selector: + matchLabels: + control-plane: ctrlmesh + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + control-plane: ctrlmesh + ctrlmesh.kusionstack.io/ignore-webhook: 'true' + ctrlmesh.kusionstack.io/watching: 'true' + spec: + containers: + - args: + - --logtostderr=true + - --v=4 + - --leader-election-namespace={{ .Values.namespace }} + - --proxy-image={{ .Values.proxy.image.repo }}:{{ .Values.proxy.image.tag }} + - --proxy-cpu={{ .Values.proxy.resources.cpu }} + - --proxy-memory={{ .Values.proxy.resources.memory }} + - --proxy-image-pull-policy={{ .Values.proxy.image.pullPolicy }} + command: + - /ctrlmesh-manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: ENABLE_WEBHOOK_SERVER + value: 'true' + - name: WEBHOOK_CERT_WRITER + value: secret + - name: WATCH_ON_LIMIT + value: 'true' + image: {{ .Values.manager.image.repo }}:{{ .Values.manager.image.tag }} + imagePullPolicy: {{ .Values.manager.image.pullPolicy }} + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8081 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 20 + successThreshold: 1 + timeoutSeconds: 1 + name: manager + readinessProbe: + failureThreshold: 3 + httpGet: + path: /delay + port: 8083 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 + resources: + {{- toYaml .Values.manager.resources | nindent 12 }} + securityContext: + allowPrivilegeEscalation: false + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + serviceAccount: ctrlmesh-serviceaccount + serviceAccountName: ctrlmesh-serviceaccount \ No newline at end of file diff --git a/versions/ctrlmesh/0.1.1/templates/namespace.yaml b/versions/ctrlmesh/0.1.1/templates/namespace.yaml new file mode 100644 index 0000000..f55e183 --- /dev/null +++ b/versions/ctrlmesh/0.1.1/templates/namespace.yaml @@ -0,0 +1,6 @@ +{{- if .Values.namespaceEnabled -}} +apiVersion: v1 +kind: Namespace +metadata: + name: {{ .Values.namespace }} +{{- end }} \ No newline at end of file diff --git a/versions/ctrlmesh/0.1.1/templates/rbac/leader_election_role.yaml b/versions/ctrlmesh/0.1.1/templates/rbac/leader_election_role.yaml new file mode 100644 index 0000000..eba124e --- /dev/null +++ b/versions/ctrlmesh/0.1.1/templates/rbac/leader_election_role.yaml @@ -0,0 +1,38 @@ +# permissions to do leader election. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: leader-election-role + namespace: {{ .Values.namespace }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/versions/ctrlmesh/0.1.1/templates/rbac/leader_election_role_binding.yaml b/versions/ctrlmesh/0.1.1/templates/rbac/leader_election_role_binding.yaml new file mode 100644 index 0000000..d2db064 --- /dev/null +++ b/versions/ctrlmesh/0.1.1/templates/rbac/leader_election_role_binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ctrlmesh-leader-election-rolebinding + namespace: {{ .Values.namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: leader-election-role +subjects: +- kind: ServiceAccount + name: ctrlmesh-serviceaccount + namespace: {{ .Values.namespace }} diff --git a/versions/ctrlmesh/0.1.1/templates/rbac/managerstate_editor_role.yaml b/versions/ctrlmesh/0.1.1/templates/rbac/managerstate_editor_role.yaml new file mode 100644 index 0000000..ce51d6e --- /dev/null +++ b/versions/ctrlmesh/0.1.1/templates/rbac/managerstate_editor_role.yaml @@ -0,0 +1,24 @@ +# permissions for end users to edit managerstates. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: managerstate-editor-role +rules: +- apiGroups: + - ctrlmesh.kusionstack.io + resources: + - managerstates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ctrlmesh.kusionstack.io + resources: + - managerstates/status + verbs: + - get diff --git a/versions/ctrlmesh/0.1.1/templates/rbac/managerstate_viewer_role.yaml b/versions/ctrlmesh/0.1.1/templates/rbac/managerstate_viewer_role.yaml new file mode 100644 index 0000000..fda2de2 --- /dev/null +++ b/versions/ctrlmesh/0.1.1/templates/rbac/managerstate_viewer_role.yaml @@ -0,0 +1,20 @@ +# permissions for end users to view managerstates. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: managerstate-viewer-role +rules: +- apiGroups: + - ctrlmesh.kusionstack.io + resources: + - managerstates + verbs: + - get + - list + - watch +- apiGroups: + - ctrlmesh.kusionstack.io + resources: + - managerstates/status + verbs: + - get diff --git a/versions/ctrlmesh/0.1.1/templates/rbac/public_role.yaml b/versions/ctrlmesh/0.1.1/templates/rbac/public_role.yaml new file mode 100644 index 0000000..d082b45 --- /dev/null +++ b/versions/ctrlmesh/0.1.1/templates/rbac/public_role.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ctrlmesh-public-role +rules: +- apiGroups: + - ctrlmesh.kusionstack.io + resources: + - managerstates + - trafficpolicies + verbs: + - get + - list + - watch diff --git a/versions/ctrlmesh/0.1.1/templates/rbac/public_role_binding.yaml b/versions/ctrlmesh/0.1.1/templates/rbac/public_role_binding.yaml new file mode 100644 index 0000000..98f4e98 --- /dev/null +++ b/versions/ctrlmesh/0.1.1/templates/rbac/public_role_binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ctrlmesh-public-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ctrlmesh-public-role +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:authenticated +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:unauthenticated diff --git a/versions/ctrlmesh/0.1.1/templates/rbac/role.yaml b/versions/ctrlmesh/0.1.1/templates/rbac/role.yaml new file mode 100644 index 0000000..808a6b1 --- /dev/null +++ b/versions/ctrlmesh/0.1.1/templates/rbac/role.yaml @@ -0,0 +1,88 @@ + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: ctrlmesh-kusionstack-role +rules: +- apiGroups: + - '*' + resources: + - configmaps + - controllerrevisions + - deployments + - endpoints + - persistentvolumeclaims + - pods + - services + - statefulsets + - events + verbs: + - '*' +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - get + - list + - patch + - update + - watch + - delete +- apiGroups: + - apps + resources: + - "" + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ctrlmesh.kusionstack.io + resources: + - managerstates + - managerstates/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ctrlmesh.kusionstack.io + resources: + - '*' + - '*/status' + verbs: + - '*' \ No newline at end of file diff --git a/versions/ctrlmesh/0.1.1/templates/rbac/role_binding.yaml b/versions/ctrlmesh/0.1.1/templates/rbac/role_binding.yaml new file mode 100644 index 0000000..abddd4a --- /dev/null +++ b/versions/ctrlmesh/0.1.1/templates/rbac/role_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ctrlmesh-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ctrlmesh-kusionstack-role +subjects: +- kind: ServiceAccount + name: ctrlmesh-serviceaccount + namespace: {{ .Values.namespace }} diff --git a/versions/ctrlmesh/0.1.1/templates/service.yaml b/versions/ctrlmesh/0.1.1/templates/service.yaml new file mode 100644 index 0000000..226e1d9 --- /dev/null +++ b/versions/ctrlmesh/0.1.1/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + ctrlmesh.kusionstack.io/ignore-webhook: "true" + name: ctrlmesh-webhook-service + namespace: {{ .Values.namespace }} +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + control-plane: ctrlmesh + type: NodePort \ No newline at end of file diff --git a/versions/ctrlmesh/0.1.1/templates/serviceaccount.yaml b/versions/ctrlmesh/0.1.1/templates/serviceaccount.yaml new file mode 100644 index 0000000..8506ff2 --- /dev/null +++ b/versions/ctrlmesh/0.1.1/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ctrlmesh-serviceaccount + namespace: {{ .Values.namespace }} \ No newline at end of file diff --git a/versions/ctrlmesh/0.1.1/templates/webhook/mutating.yaml b/versions/ctrlmesh/0.1.1/templates/webhook/mutating.yaml new file mode 100644 index 0000000..e009be1 --- /dev/null +++ b/versions/ctrlmesh/0.1.1/templates/webhook/mutating.yaml @@ -0,0 +1,76 @@ + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: ctrlmesh-mutating +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ctrlmesh-webhook-service + namespace: {{ .Values.namespace }} + path: /mutate-namespace + port: 443 + failurePolicy: Ignore + name: namesapace.ctrlmesh.mutating.io + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ctrlmesh-webhook-service + namespace: {{ .Values.namespace }} + path: /mutate-pod + port: 443 + failurePolicy: Ignore + name: pod.ctrlmesh.mutating.io + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ctrlmesh-webhook-service + namespace: {{ .Values.namespace }} + path: /mutate-resource + port: 443 + failurePolicy: Ignore + name: resource.ctrlmesh.mutating.io + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - pods + - services + - statefulsets + - controllerrevisions + - configmaps + - persistentvolumeclaims + - endpoints + sideEffects: None diff --git a/versions/ctrlmesh/0.1.1/templates/webhook/validating.yaml b/versions/ctrlmesh/0.1.1/templates/webhook/validating.yaml new file mode 100644 index 0000000..9029a34 --- /dev/null +++ b/versions/ctrlmesh/0.1.1/templates/webhook/validating.yaml @@ -0,0 +1,28 @@ + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: ctrlmesh-validating +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ctrlmesh-webhook-service + namespace: {{ .Values.namespace }} + path: /validate-ctrlmesh-shardingconfig + port: 443 + failurePolicy: Fail + name: shardingconfigs.ctrlmesh.validating.io + rules: + - apiGroups: + - ctrlmesh.kusionstack.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - shardingconfigs + sideEffects: None diff --git a/versions/ctrlmesh/0.1.1/values.yaml b/versions/ctrlmesh/0.1.1/values.yaml new file mode 100644 index 0000000..7902fd0 --- /dev/null +++ b/versions/ctrlmesh/0.1.1/values.yaml @@ -0,0 +1,52 @@ +# Default values for Controller Mesh. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +namespace: ctrlmesh +namespaceEnabled: true + +manager: + replicas: 2 + image: + repo: kusionstack/ctrlmesh-manager + pullPolicy: IfNotPresent + tag: v0.1.1 + tag: manager-231116-1 + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 10m + memory: 64Mi + +proxy: + image: + repo: kusionstack/ctrlmesh-proxy + pullPolicy: IfNotPresent + tag: v0.1.1 + resources: + cpu: 100m + memory: 100Mi + +init: + image: + repo: kusionstack/ctrlmesh-init + tag: v0.1.1 + +shardingGroupVersionKinds: + groupVersionKinds: + ctrlmesh.kusionstack.io/v1alpha1: + - '*' + v1: + - Pod + - PersistentVolumeClaim + - Service + - ConfigMap + - Endpoint + apps/v1: + - StatefulSet + - ReplicaSet + - ControllerRevision + + diff --git a/versions/ctrlmesh/ctrlmesh/Chart.yaml b/versions/ctrlmesh/ctrlmesh/Chart.yaml new file mode 100644 index 0000000..c374630 --- /dev/null +++ b/versions/ctrlmesh/ctrlmesh/Chart.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +appVersion: 0.1.0 +description: Helm chart for Controller-Mesh components +home: https://KusionStack.io +name: ctrlmesh +sources: +- https://github.com/KusionStack/controllermesh +version: 0.1.0 \ No newline at end of file diff --git a/versions/ctrlmesh/ctrlmesh/README.md b/versions/ctrlmesh/ctrlmesh/README.md new file mode 100644 index 0000000..e69de29 diff --git a/versions/ctrlmesh/ctrlmesh/templates/NOTES.txt b/versions/ctrlmesh/ctrlmesh/templates/NOTES.txt new file mode 100644 index 0000000..84a36a4 --- /dev/null +++ b/versions/ctrlmesh/ctrlmesh/templates/NOTES.txt @@ -0,0 +1 @@ +Welcome! ^_^ \ No newline at end of file diff --git a/versions/ctrlmesh/ctrlmesh/templates/_helpers.tpl b/versions/ctrlmesh/ctrlmesh/templates/_helpers.tpl new file mode 100644 index 0000000..140fe6b --- /dev/null +++ b/versions/ctrlmesh/ctrlmesh/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "myctrlmesh.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "myctrlmesh.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "myctrlmesh.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "myctrlmesh.labels" -}} +helm.sh/chart: {{ include "myctrlmesh.chart" . }} +{{ include "myctrlmesh.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "myctrlmesh.selectorLabels" -}} +app.kubernetes.io/name: {{ include "myctrlmesh.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "myctrlmesh.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "myctrlmesh.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/versions/ctrlmesh/ctrlmesh/templates/configmap.yaml b/versions/ctrlmesh/ctrlmesh/templates/configmap.yaml new file mode 100644 index 0000000..dc36043 --- /dev/null +++ b/versions/ctrlmesh/ctrlmesh/templates/configmap.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +data: + resource-config: | + {{- toYaml .Values.shardingGroupVersionKinds | nindent 4 }} +kind: ConfigMap +metadata: + name: ctrlmesh-sharding-resource + namespace: {{ .Values.namespace }} \ No newline at end of file diff --git a/versions/ctrlmesh/ctrlmesh/templates/crd/circuitbreakers.yaml b/versions/ctrlmesh/ctrlmesh/templates/crd/circuitbreakers.yaml new file mode 100644 index 0000000..3f4b826 --- /dev/null +++ b/versions/ctrlmesh/ctrlmesh/templates/crd/circuitbreakers.yaml @@ -0,0 +1,321 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: circuitbreakers.ctrlmesh.kusionstack.io +spec: + group: ctrlmesh.kusionstack.io + names: + kind: CircuitBreaker + listKind: CircuitBreakerList + plural: circuitbreakers + shortNames: + - cbk + singular: circuitbreaker + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: CircuitBreaker is the Schema for the circuitbreakers API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: CircuitBreakerSpec defines the desired state of CircuitBreaker + properties: + rateLimitings: + description: RateLimitings defines the limit policies + items: + description: Limiting defines the limit policy + properties: + bucket: + description: Bucket defines the whole token bucket of the policy + properties: + burst: + description: Burst is the max token number of the bucket + format: int32 + type: integer + interval: + description: 'Interval is the time interval of the limiting + policy, in format of time like: 1h, 3m, 5s.' + type: string + limit: + description: Limit is the token number of the limiting policy. + format: int32 + type: integer + required: + - burst + - interval + - limit + type: object + name: + description: Name is the name of the policy + type: string + properties: + additionalProperties: + type: string + description: 'Properties defines the additional properties of + the policy, like: SleepingWindowSize' + type: object + recoverPolicy: + description: RecoverPolicy defines how the circuit-breaking + policy recovered from 'Opened' to 'Closed' + type: string + resourceRules: + description: ResourceRules defines the target k8s resource of + the limiting policy + items: + description: ResourceRule defines the target k8s resource + of the limiting policy + properties: + apiGroups: + description: APIGroups is the name of the APIGroup that + contains the resources. If multiple API groups are + specified, any action requested against one of the enumerated + resources in any API group will be allowed. "*" means + all. + items: + type: string + type: array + namespaces: + description: Namespaces is a list of namespaces the rule + applies to. "*" means all. + items: + type: string + type: array + resources: + description: Resources is a list of resources this rule + applies to. "*" means all in the specified apiGroups. "*/foo" + represents the subresource 'foo' for all resources in + the specified apiGroups. + items: + type: string + type: array + verbs: + description: 'Verb is a list of kubernetes resource API + verbs, like: get, list, watch, create, update, delete, + proxy. "*" means all.' + items: + type: string + type: array + required: + - apiGroups + - namespaces + - resources + - verbs + type: object + type: array + restRules: + description: RestRules defines the target rest resource of the + limiting policy + items: + description: RestRule defines the target rest resource of + the limiting policy + properties: + method: + description: 'Method specifies the http method of the + request, like: PUT, POST, GET, DELETE.' + type: string + url: + description: URL gives the location of the rest request, + in standard URL form (`scheme://host:port/path`) + type: string + required: + - method + - url + type: object + type: array + triggerPolicy: + description: TriggerPolicy defines how the circuit-breaking + policy triggered from 'Closed' to 'Opened' + type: string + validatePolicy: + description: ValidatePolicy determine the opportunity to validate + req + type: string + required: + - bucket + - name + - recoverPolicy + - triggerPolicy + type: object + type: array + selector: + description: Selector is a label query over pods of this application. + properties: + labelSelector: + description: A label selector is a label query over a set of resources. + The result of matchLabels and matchExpressions are ANDed. An + empty label selector matches all objects. A null label selector + matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. If + the operator is In or NotIn, the values array must + be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced + during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A + single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is "key", + the operator is "In", and the values array contains only + "value". The requirements are ANDed. + type: object + type: object + targets: + items: + type: string + type: array + type: object + trafficInterceptRules: + description: TrafficInterceptRules defines the traffic rules + items: + description: TrafficInterceptRule defines the traffic intercept + rule + properties: + contentType: + description: ContentType is the content type of the traffic + rule + type: string + contents: + description: Content is the content of the traffic rule + items: + type: string + type: array + interceptType: + description: InterceptType is the intercept type of the traffic + rule + type: string + methods: + description: 'Method specifies the http method of the request, + like: PUT, POST, GET, DELETE.' + items: + type: string + type: array + name: + description: Name is the name of the traffic rule + type: string + required: + - contentType + - contents + - interceptType + - methods + - name + type: object + type: array + required: + - rateLimitings + type: object + status: + description: CircuitBreakerStatus defines the observed state of CircuitBreaker + properties: + lastUpdatedTime: + format: date-time + type: string + limitingSnapshots: + items: + description: LimitingSnapshot defines the snapshot of the whole + limiting policy + properties: + bucket: + description: Bucket defines the whole snapshot of the token + bucket + properties: + availableTokens: + description: AvailableTokens defines the rest tokens of + the bucket. + format: int64 + type: integer + lastAcquireTimestamp: + description: LastAcquireTimestamp is the unix timestamp + that the last token(s) were acquired. + format: int64 + type: integer + required: + - availableTokens + - lastAcquireTimestamp + type: object + endpoint: + description: Endpoint specifies the users who use this rule + type: string + lastTransitionTime: + description: LastTransitionTime is the last time that the status + changed + format: date-time + type: string + name: + description: Name specifies the name of the policy + type: string + podName: + description: PodName specifies the users pod name + type: string + status: + description: Status is the status of the circuit breaker, which + may be 'Opened' or 'Closed'. + type: string + required: + - bucket + - name + - status + type: object + type: array + observedGeneration: + format: int64 + type: integer + required: + - limitingSnapshots + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/versions/ctrlmesh/ctrlmesh/templates/crd/managerstates.yaml b/versions/ctrlmesh/ctrlmesh/templates/crd/managerstates.yaml new file mode 100644 index 0000000..cafe3b0 --- /dev/null +++ b/versions/ctrlmesh/ctrlmesh/templates/crd/managerstates.yaml @@ -0,0 +1,80 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.7.0 + creationTimestamp: null + name: managerstates.ctrlmesh.kusionstack.io +spec: + group: ctrlmesh.kusionstack.io + names: + kind: ManagerState + listKind: ManagerStateList + plural: managerstates + singular: managerstate + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ManagerState is the Schema for the managerstates API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ManagerStateSpec defines the desired state of ManagerState + type: object + status: + description: ManagerStateStatus defines the observed state of ManagerState + properties: + endpoints: + items: + properties: + leader: + type: boolean + name: + type: string + podIP: + type: string + required: + - leader + - name + - podIP + type: object + type: array + namespace: + type: string + ports: + properties: + grpcLeaderElectionPort: + type: integer + grpcNonLeaderElectionPort: + type: integer + type: object + updateTimestamp: + format: date-time + type: string + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] diff --git a/versions/ctrlmesh/ctrlmesh/templates/crd/shardingconfigs.yaml b/versions/ctrlmesh/ctrlmesh/templates/crd/shardingconfigs.yaml new file mode 100644 index 0000000..1d3023c --- /dev/null +++ b/versions/ctrlmesh/ctrlmesh/templates/crd/shardingconfigs.yaml @@ -0,0 +1,294 @@ +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.10.0 + creationTimestamp: null + name: shardingconfigs.ctrlmesh.kusionstack.io +spec: + group: ctrlmesh.kusionstack.io + names: + kind: ShardingConfig + listKind: ShardingConfigList + plural: shardingconfigs + shortNames: + - shard + singular: shardingconfig + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ShardingConfig is the Schema for the ShardingConfigs API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: ShardingConfigSpec defines the desired state of ShardingConfig + properties: + controller: + description: ShardingConfigControllerConfiguration defines the configuration + of controller in this application. + properties: + leaderElectionName: + type: string + required: + - leaderElectionName + type: object + limits: + items: + properties: + relateResources: + items: + properties: + apiGroups: + items: + type: string + type: array + resources: + items: + type: string + type: array + type: object + type: array + selector: + description: A label selector is a label query over a set of + resources. The result of matchLabels and matchExpressions + are ANDed. An empty label selector matches all objects. A + null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that relates + the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, NotIn, + Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists or + DoesNotExist, the values array must be empty. This + array is replaced during a strategic merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field is + "key", the operator is "In", and the values array contains + only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + root: + properties: + auto: + description: Auto is config to automatically generate child ShardingConfig + properties: + everyShardReplicas: + type: integer + shardingSize: + type: integer + required: + - everyShardReplicas + - shardingSize + type: object + canary: + description: Canary is canary shard config + properties: + inNamespaces: + items: + type: string + type: array + inShardHash: + items: + type: string + type: array + replicas: + type: integer + required: + - replicas + type: object + disable: + type: boolean + prefix: + type: string + resourceSelector: + items: + properties: + relateResources: + items: + properties: + apiGroups: + items: + type: string + type: array + resources: + items: + type: string + type: array + type: object + type: array + selector: + description: A label selector is a label query over a set + of resources. The result of matchLabels and matchExpressions + are ANDed. An empty label selector matches all objects. + A null label selector matches no objects. + properties: + matchExpressions: + description: matchExpressions is a list of label selector + requirements. The requirements are ANDed. + items: + description: A label selector requirement is a selector + that contains values, a key, and an operator that + relates the key and values. + properties: + key: + description: key is the label key that the selector + applies to. + type: string + operator: + description: operator represents a key's relationship + to a set of values. Valid operators are In, + NotIn, Exists and DoesNotExist. + type: string + values: + description: values is an array of string values. + If the operator is In or NotIn, the values array + must be non-empty. If the operator is Exists + or DoesNotExist, the values array must be empty. + This array is replaced during a strategic merge + patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. + A single {key,value} in the matchLabels map is equivalent + to an element of matchExpressions, whose key field + is "key", the operator is "In", and the values array + contains only "value". The requirements are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + type: object + type: array + targetStatefulSet: + type: string + required: + - prefix + - targetStatefulSet + type: object + selector: + description: Selector is a label query over pods of this configuration. + properties: + matchExpressions: + description: matchExpressions is a list of label selector requirements. + The requirements are ANDed. + items: + description: A label selector requirement is a selector that + contains values, a key, and an operator that relates the key + and values. + properties: + key: + description: key is the label key that the selector applies + to. + type: string + operator: + description: operator represents a key's relationship to + a set of values. Valid operators are In, NotIn, Exists + and DoesNotExist. + type: string + values: + description: values is an array of string values. If the + operator is In or NotIn, the values array must be non-empty. + If the operator is Exists or DoesNotExist, the values + array must be empty. This array is replaced during a strategic + merge patch. + items: + type: string + type: array + required: + - key + - operator + type: object + type: array + matchLabels: + additionalProperties: + type: string + description: matchLabels is a map of {key,value} pairs. A single + {key,value} in the matchLabels map is equivalent to an element + of matchExpressions, whose key field is "key", the operator + is "In", and the values array contains only "value". The requirements + are ANDed. + type: object + type: object + x-kubernetes-map-type: atomic + webhook: + description: ShardingConfigWebhookConfiguration defines the configuration + of webhook in this application. + properties: + certDir: + type: string + port: + type: integer + required: + - certDir + - port + type: object + type: object + status: + description: ShardingConfigStatus defines the observed state of ShardingConfig + properties: + root: + properties: + childShardingConfigs: + items: + type: string + type: array + type: object + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/versions/ctrlmesh/ctrlmesh/templates/deployment.yaml b/versions/ctrlmesh/ctrlmesh/templates/deployment.yaml new file mode 100644 index 0000000..7795217 --- /dev/null +++ b/versions/ctrlmesh/ctrlmesh/templates/deployment.yaml @@ -0,0 +1,85 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + labels: + ctrlmesh.kusionstack.io/ignore-webhook: 'true' + name: ctrlmesh + namespace: {{ .Values.namespace }} +spec: + replicas: {{ .Values.manager.replicas }} + revisionHistoryLimit: 10 + selector: + matchLabels: + control-plane: ctrlmesh + strategy: + rollingUpdate: + maxSurge: 1 + maxUnavailable: 1 + type: RollingUpdate + template: + metadata: + labels: + control-plane: ctrlmesh + ctrlmesh.kusionstack.io/ignore-webhook: 'true' + ctrlmesh.kusionstack.io/watching: 'true' + spec: + containers: + - args: + - --logtostderr=true + - --v=4 + - --leader-election-namespace={{ .Values.namespace }} + - --proxy-image={{ .Values.proxy.image.repo }}:{{ .Values.proxy.image.tag }} + - --proxy-cpu={{ .Values.proxy.resources.cpu }} + - --proxy-memory={{ .Values.proxy.resources.memory }} + - --proxy-image-pull-policy={{ .Values.proxy.image.pullPolicy }} + command: + - /ctrlmesh-manager + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.namespace + - name: POD_NAME + valueFrom: + fieldRef: + apiVersion: v1 + fieldPath: metadata.name + - name: ENABLE_WEBHOOK_SERVER + value: 'true' + - name: WEBHOOK_CERT_WRITER + value: secret + - name: WATCH_ON_LIMIT + value: 'true' + image: {{ .Values.manager.image.repo }}:{{ .Values.manager.image.tag }} + imagePullPolicy: {{ .Values.manager.image.pullPolicy }} + livenessProbe: + failureThreshold: 3 + httpGet: + path: /healthz + port: 8081 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 20 + successThreshold: 1 + timeoutSeconds: 1 + name: manager + readinessProbe: + failureThreshold: 3 + httpGet: + path: /delay + port: 8083 + scheme: HTTP + initialDelaySeconds: 15 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 + resources: + {{- toYaml .Values.manager.resources | nindent 12 }} + securityContext: + allowPrivilegeEscalation: false + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + dnsPolicy: ClusterFirst + serviceAccount: ctrlmesh-serviceaccount + serviceAccountName: ctrlmesh-serviceaccount \ No newline at end of file diff --git a/versions/ctrlmesh/ctrlmesh/templates/namespace.yaml b/versions/ctrlmesh/ctrlmesh/templates/namespace.yaml new file mode 100644 index 0000000..f55e183 --- /dev/null +++ b/versions/ctrlmesh/ctrlmesh/templates/namespace.yaml @@ -0,0 +1,6 @@ +{{- if .Values.namespaceEnabled -}} +apiVersion: v1 +kind: Namespace +metadata: + name: {{ .Values.namespace }} +{{- end }} \ No newline at end of file diff --git a/versions/ctrlmesh/ctrlmesh/templates/rbac/leader_election_role.yaml b/versions/ctrlmesh/ctrlmesh/templates/rbac/leader_election_role.yaml new file mode 100644 index 0000000..eba124e --- /dev/null +++ b/versions/ctrlmesh/ctrlmesh/templates/rbac/leader_election_role.yaml @@ -0,0 +1,38 @@ +# permissions to do leader election. +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: leader-election-role + namespace: {{ .Values.namespace }} +rules: +- apiGroups: + - "" + resources: + - configmaps + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - coordination.k8s.io + resources: + - leases + verbs: + - get + - list + - watch + - create + - update + - patch + - delete +- apiGroups: + - "" + resources: + - events + verbs: + - create + - patch diff --git a/versions/ctrlmesh/ctrlmesh/templates/rbac/leader_election_role_binding.yaml b/versions/ctrlmesh/ctrlmesh/templates/rbac/leader_election_role_binding.yaml new file mode 100644 index 0000000..d2db064 --- /dev/null +++ b/versions/ctrlmesh/ctrlmesh/templates/rbac/leader_election_role_binding.yaml @@ -0,0 +1,13 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: ctrlmesh-leader-election-rolebinding + namespace: {{ .Values.namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: leader-election-role +subjects: +- kind: ServiceAccount + name: ctrlmesh-serviceaccount + namespace: {{ .Values.namespace }} diff --git a/versions/ctrlmesh/ctrlmesh/templates/rbac/managerstate_editor_role.yaml b/versions/ctrlmesh/ctrlmesh/templates/rbac/managerstate_editor_role.yaml new file mode 100644 index 0000000..ce51d6e --- /dev/null +++ b/versions/ctrlmesh/ctrlmesh/templates/rbac/managerstate_editor_role.yaml @@ -0,0 +1,24 @@ +# permissions for end users to edit managerstates. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: managerstate-editor-role +rules: +- apiGroups: + - ctrlmesh.kusionstack.io + resources: + - managerstates + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ctrlmesh.kusionstack.io + resources: + - managerstates/status + verbs: + - get diff --git a/versions/ctrlmesh/ctrlmesh/templates/rbac/managerstate_viewer_role.yaml b/versions/ctrlmesh/ctrlmesh/templates/rbac/managerstate_viewer_role.yaml new file mode 100644 index 0000000..fda2de2 --- /dev/null +++ b/versions/ctrlmesh/ctrlmesh/templates/rbac/managerstate_viewer_role.yaml @@ -0,0 +1,20 @@ +# permissions for end users to view managerstates. +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: managerstate-viewer-role +rules: +- apiGroups: + - ctrlmesh.kusionstack.io + resources: + - managerstates + verbs: + - get + - list + - watch +- apiGroups: + - ctrlmesh.kusionstack.io + resources: + - managerstates/status + verbs: + - get diff --git a/versions/ctrlmesh/ctrlmesh/templates/rbac/public_role.yaml b/versions/ctrlmesh/ctrlmesh/templates/rbac/public_role.yaml new file mode 100644 index 0000000..d082b45 --- /dev/null +++ b/versions/ctrlmesh/ctrlmesh/templates/rbac/public_role.yaml @@ -0,0 +1,14 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: ctrlmesh-public-role +rules: +- apiGroups: + - ctrlmesh.kusionstack.io + resources: + - managerstates + - trafficpolicies + verbs: + - get + - list + - watch diff --git a/versions/ctrlmesh/ctrlmesh/templates/rbac/public_role_binding.yaml b/versions/ctrlmesh/ctrlmesh/templates/rbac/public_role_binding.yaml new file mode 100644 index 0000000..98f4e98 --- /dev/null +++ b/versions/ctrlmesh/ctrlmesh/templates/rbac/public_role_binding.yaml @@ -0,0 +1,15 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ctrlmesh-public-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ctrlmesh-public-role +subjects: +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:authenticated +- apiGroup: rbac.authorization.k8s.io + kind: Group + name: system:unauthenticated diff --git a/versions/ctrlmesh/ctrlmesh/templates/rbac/role.yaml b/versions/ctrlmesh/ctrlmesh/templates/rbac/role.yaml new file mode 100644 index 0000000..808a6b1 --- /dev/null +++ b/versions/ctrlmesh/ctrlmesh/templates/rbac/role.yaml @@ -0,0 +1,88 @@ + +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + creationTimestamp: null + name: ctrlmesh-kusionstack-role +rules: +- apiGroups: + - '*' + resources: + - configmaps + - controllerrevisions + - deployments + - endpoints + - persistentvolumeclaims + - pods + - services + - statefulsets + - events + verbs: + - '*' +- apiGroups: + - admissionregistration.k8s.io + resources: + - mutatingwebhookconfigurations + - validatingwebhookconfigurations + verbs: + - get + - list + - patch + - update + - watch + - delete +- apiGroups: + - apps + resources: + - "" + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - namespaces + verbs: + - get + - list + - patch + - update + - watch +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ctrlmesh.kusionstack.io + resources: + - managerstates + - managerstates/finalizers + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - ctrlmesh.kusionstack.io + resources: + - '*' + - '*/status' + verbs: + - '*' \ No newline at end of file diff --git a/versions/ctrlmesh/ctrlmesh/templates/rbac/role_binding.yaml b/versions/ctrlmesh/ctrlmesh/templates/rbac/role_binding.yaml new file mode 100644 index 0000000..abddd4a --- /dev/null +++ b/versions/ctrlmesh/ctrlmesh/templates/rbac/role_binding.yaml @@ -0,0 +1,12 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: ctrlmesh-rolebinding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: ctrlmesh-kusionstack-role +subjects: +- kind: ServiceAccount + name: ctrlmesh-serviceaccount + namespace: {{ .Values.namespace }} diff --git a/versions/ctrlmesh/ctrlmesh/templates/service.yaml b/versions/ctrlmesh/ctrlmesh/templates/service.yaml new file mode 100644 index 0000000..226e1d9 --- /dev/null +++ b/versions/ctrlmesh/ctrlmesh/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + labels: + ctrlmesh.kusionstack.io/ignore-webhook: "true" + name: ctrlmesh-webhook-service + namespace: {{ .Values.namespace }} +spec: + ports: + - port: 443 + protocol: TCP + targetPort: 9443 + selector: + control-plane: ctrlmesh + type: NodePort \ No newline at end of file diff --git a/versions/ctrlmesh/ctrlmesh/templates/serviceaccount.yaml b/versions/ctrlmesh/ctrlmesh/templates/serviceaccount.yaml new file mode 100644 index 0000000..8506ff2 --- /dev/null +++ b/versions/ctrlmesh/ctrlmesh/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: ctrlmesh-serviceaccount + namespace: {{ .Values.namespace }} \ No newline at end of file diff --git a/versions/ctrlmesh/ctrlmesh/templates/webhook/mutating.yaml b/versions/ctrlmesh/ctrlmesh/templates/webhook/mutating.yaml new file mode 100644 index 0000000..e009be1 --- /dev/null +++ b/versions/ctrlmesh/ctrlmesh/templates/webhook/mutating.yaml @@ -0,0 +1,76 @@ + +apiVersion: admissionregistration.k8s.io/v1 +kind: MutatingWebhookConfiguration +metadata: + name: ctrlmesh-mutating +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ctrlmesh-webhook-service + namespace: {{ .Values.namespace }} + path: /mutate-namespace + port: 443 + failurePolicy: Ignore + name: namesapace.ctrlmesh.mutating.io + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - namespaces + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ctrlmesh-webhook-service + namespace: {{ .Values.namespace }} + path: /mutate-pod + port: 443 + failurePolicy: Ignore + name: pod.ctrlmesh.mutating.io + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + resources: + - pods + sideEffects: None +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ctrlmesh-webhook-service + namespace: {{ .Values.namespace }} + path: /mutate-resource + port: 443 + failurePolicy: Ignore + name: resource.ctrlmesh.mutating.io + rules: + - apiGroups: + - "" + apiVersions: + - v1 + operations: + - CREATE + - UPDATE + resources: + - pods + - services + - statefulsets + - controllerrevisions + - configmaps + - persistentvolumeclaims + - endpoints + sideEffects: None diff --git a/versions/ctrlmesh/ctrlmesh/templates/webhook/validating.yaml b/versions/ctrlmesh/ctrlmesh/templates/webhook/validating.yaml new file mode 100644 index 0000000..9029a34 --- /dev/null +++ b/versions/ctrlmesh/ctrlmesh/templates/webhook/validating.yaml @@ -0,0 +1,28 @@ + +apiVersion: admissionregistration.k8s.io/v1 +kind: ValidatingWebhookConfiguration +metadata: + name: ctrlmesh-validating +webhooks: +- admissionReviewVersions: + - v1 + - v1beta1 + clientConfig: + service: + name: ctrlmesh-webhook-service + namespace: {{ .Values.namespace }} + path: /validate-ctrlmesh-shardingconfig + port: 443 + failurePolicy: Fail + name: shardingconfigs.ctrlmesh.validating.io + rules: + - apiGroups: + - ctrlmesh.kusionstack.io + apiVersions: + - v1alpha1 + operations: + - CREATE + - UPDATE + resources: + - shardingconfigs + sideEffects: None diff --git a/versions/ctrlmesh/ctrlmesh/values.yaml b/versions/ctrlmesh/ctrlmesh/values.yaml new file mode 100644 index 0000000..d448f16 --- /dev/null +++ b/versions/ctrlmesh/ctrlmesh/values.yaml @@ -0,0 +1,51 @@ +# Default values for Controller Mesh. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +namespace: ctrlmesh +namespaceEnabled: true + +manager: + replicas: 2 + image: + repo: kusionstack/ctrlmesh-manager + pullPolicy: IfNotPresent + tag: v0.1.0 + resources: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 10m + memory: 64Mi + +proxy: + image: + repo: kusionstack/ctrlmesh-proxy + pullPolicy: IfNotPresent + tag: v0.1.0 + resources: + cpu: 100m + memory: 100Mi + +init: + image: + repo: kusionstack/ctrlmesh-init + tag: v0.1.0 + +shardingGroupVersionKinds: + groupVersionKinds: + ctrlmesh.kusionstack.io/v1alpha1: + - '*' + v1: + - Pod + - PersistentVolumeClaim + - Service + - ConfigMap + - Endpoint + apps/v1: + - StatefulSet + - ReplicaSet + - ControllerRevision + +