|
58 | 58 | properties: |
59 | 59 | install: |
60 | 60 | description: |- |
61 | | - install is a required field used to configure the installation options |
62 | | - for the ClusterExtension such as the installation namespace, |
63 | | - the service account and the pre-flight check configuration. |
64 | | -
|
65 | | - Below is a minimal example of an installation definition (in yaml): |
66 | | - install: |
67 | | - namespace: example-namespace |
68 | | - serviceAccount: |
69 | | - name: example-sa |
| 61 | + install is an optional field used to configure the installation options |
| 62 | + for the ClusterExtension such as the pre-flight check configuration. |
70 | 63 | properties: |
71 | | - namespace: |
72 | | - description: |- |
73 | | - namespace designates the kubernetes Namespace where bundle content |
74 | | - for the package, referenced in the 'packageName' field, will be applied and the necessary |
75 | | - service account can be found. |
76 | | - The bundle may contain cluster-scoped resources or resources that are |
77 | | - applied to other Namespaces. This Namespace is expected to exist. |
78 | | -
|
79 | | - namespace is required, immutable, and follows the DNS label standard |
80 | | - as defined in [RFC 1123]. It must contain only lowercase alphanumeric characters or hyphens (-), |
81 | | - start and end with an alphanumeric character, and be no longer than 63 characters |
82 | | -
|
83 | | - [RFC 1123]: https://tools.ietf.org/html/rfc1123 |
84 | | - maxLength: 63 |
85 | | - type: string |
86 | | - x-kubernetes-validations: |
87 | | - - message: namespace is immutable |
88 | | - rule: self == oldSelf |
89 | | - - message: namespace must be a valid DNS1123 label |
90 | | - rule: self.matches("^[a-z0-9]([-a-z0-9]*[a-z0-9])?$") |
91 | 64 | preflight: |
92 | 65 | description: |- |
93 | 66 | preflight is an optional field that can be used to configure the checks that are |
@@ -130,55 +103,74 @@ spec: |
130 | 103 | - message: at least one of [crdUpgradeSafety] are required when |
131 | 104 | preflight is specified |
132 | 105 | rule: has(self.crdUpgradeSafety) |
133 | | - serviceAccount: |
| 106 | + type: object |
| 107 | + x-kubernetes-validations: |
| 108 | + - message: at least one of [preflight] are required when install is |
| 109 | + specified |
| 110 | + rule: has(self.preflight) |
| 111 | + namespace: |
| 112 | + description: |- |
| 113 | + namespace is a reference to a Kubernetes namespace. |
| 114 | + This is the namespace the provided ServiceAccount must exist. |
| 115 | + It also designates the default namespace where namespace-scoped resources |
| 116 | + for the extension are applied to the cluster. |
| 117 | + Some extensions may contain namespace-scoped resources to be applied in other namespaces. |
| 118 | + This namespace must exist. |
| 119 | +
|
| 120 | + namespace is required, immutable, and follows the DNS label standard |
| 121 | + as defined in [RFC 1123]. It must contain only lowercase alphanumeric characters or hyphens (-), |
| 122 | + start and end with an alphanumeric character, and be no longer than 63 characters |
| 123 | +
|
| 124 | + [RFC 1123]: https://tools.ietf.org/html/rfc1123 |
| 125 | + maxLength: 63 |
| 126 | + type: string |
| 127 | + x-kubernetes-validations: |
| 128 | + - message: namespace is immutable |
| 129 | + rule: self == oldSelf |
| 130 | + - message: namespace must be a valid DNS1123 label |
| 131 | + rule: self.matches("^[a-z0-9]([-a-z0-9]*[a-z0-9])?$") |
| 132 | + serviceAccount: |
| 133 | + description: |- |
| 134 | + serviceAccount is a reference to a ServiceAccount used to perform all interactions |
| 135 | + with the cluster that are required to manage the extension. |
| 136 | + The ServiceAccount must be configured with the necessary permissions to perform these interactions. |
| 137 | + The ServiceAccount must exist in the namespace referenced in the spec. |
| 138 | + serviceAccount is required. |
| 139 | + properties: |
| 140 | + name: |
134 | 141 | description: |- |
135 | | - serviceAccount is a required reference to a ServiceAccount that exists |
136 | | - in the installNamespace which is used to install and |
137 | | - manage the content for the package specified in the packageName field. |
138 | | -
|
139 | | - In order to successfully install and manage the content for the package, |
140 | | - the ServiceAccount provided via this field should be configured with the |
141 | | - appropriate permissions to perform the necessary operations on all the |
142 | | - resources that are included in the bundle of content being applied. |
143 | | - properties: |
144 | | - name: |
145 | | - description: |- |
146 | | - name is a required, immutable reference to the name of the ServiceAccount |
147 | | - to be used for installation and management of the content for the package |
148 | | - specified in the packageName field. |
| 142 | + name is a required, immutable reference to the name of the ServiceAccount |
| 143 | + to be used for installation and management of the content for the package |
| 144 | + specified in the packageName field. |
149 | 145 |
|
150 | | - This ServiceAccount must exist in the installNamespace. |
| 146 | + This ServiceAccount must exist in the installNamespace. |
151 | 147 |
|
152 | | - name follows the DNS subdomain standard as defined in [RFC 1123]. |
153 | | - It must contain only lowercase alphanumeric characters, |
154 | | - hyphens (-) or periods (.), start and end with an alphanumeric character, |
155 | | - and be no longer than 253 characters. |
| 148 | + name follows the DNS subdomain standard as defined in [RFC 1123]. |
| 149 | + It must contain only lowercase alphanumeric characters, |
| 150 | + hyphens (-) or periods (.), start and end with an alphanumeric character, |
| 151 | + and be no longer than 253 characters. |
156 | 152 |
|
157 | | - Some examples of valid values are: |
158 | | - - some-serviceaccount |
159 | | - - 123-serviceaccount |
160 | | - - 1-serviceaccount-2 |
161 | | - - someserviceaccount |
162 | | - - some.serviceaccount |
| 153 | + Some examples of valid values are: |
| 154 | + - some-serviceaccount |
| 155 | + - 123-serviceaccount |
| 156 | + - 1-serviceaccount-2 |
| 157 | + - someserviceaccount |
| 158 | + - some.serviceaccount |
163 | 159 |
|
164 | | - Some examples of invalid values are: |
165 | | - - -some-serviceaccount |
166 | | - - some-serviceaccount- |
| 160 | + Some examples of invalid values are: |
| 161 | + - -some-serviceaccount |
| 162 | + - some-serviceaccount- |
167 | 163 |
|
168 | | - [RFC 1123]: https://tools.ietf.org/html/rfc1123 |
169 | | - maxLength: 253 |
170 | | - type: string |
171 | | - x-kubernetes-validations: |
172 | | - - message: name is immutable |
173 | | - rule: self == oldSelf |
174 | | - - message: name must be a valid DNS1123 subdomain |
175 | | - rule: self.matches("^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$") |
176 | | - required: |
177 | | - - name |
178 | | - type: object |
| 164 | + [RFC 1123]: https://tools.ietf.org/html/rfc1123 |
| 165 | + maxLength: 253 |
| 166 | + type: string |
| 167 | + x-kubernetes-validations: |
| 168 | + - message: name is immutable |
| 169 | + rule: self == oldSelf |
| 170 | + - message: name must be a valid DNS1123 subdomain |
| 171 | + rule: self.matches("^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$") |
179 | 172 | required: |
180 | | - - namespace |
181 | | - - serviceAccount |
| 173 | + - name |
182 | 174 | type: object |
183 | 175 | source: |
184 | 176 | description: |- |
@@ -459,7 +451,8 @@ spec: |
459 | 451 | rule: 'has(self.sourceType) && self.sourceType == ''Catalog'' ? |
460 | 452 | has(self.catalog) : !has(self.catalog)' |
461 | 453 | required: |
462 | | - - install |
| 454 | + - namespace |
| 455 | + - serviceAccount |
463 | 456 | - source |
464 | 457 | type: object |
465 | 458 | status: |
|
0 commit comments