diff options
| author | vincentgoat <linguohui1@huawei.com> | 2023-05-29 21:27:35 +0800 |
|---|---|---|
| committer | vincentgoat <linguohui1@huawei.com> | 2023-05-29 21:28:21 +0800 |
| commit | 1de6d1c6bca2b4513ecd75305cd99f1159990318 (patch) | |
| tree | 421d93544181ed3dbe65e4ed31681e49a8925453 /manifests | |
| parent | add crd api types (diff) | |
| download | kubeedge-1de6d1c6bca2b4513ecd75305cd99f1159990318.tar.gz | |
generate crd
Signed-off-by: vincentgoat <linguohui1@huawei.com>
Diffstat (limited to 'manifests')
| -rw-r--r-- | manifests/charts/cloudcore/crds/policy_v1alpha1_serviceaccountaccess.yaml | 501 |
1 files changed, 501 insertions, 0 deletions
diff --git a/manifests/charts/cloudcore/crds/policy_v1alpha1_serviceaccountaccess.yaml b/manifests/charts/cloudcore/crds/policy_v1alpha1_serviceaccountaccess.yaml new file mode 100644 index 000000000..a6a2c27e0 --- /dev/null +++ b/manifests/charts/cloudcore/crds/policy_v1alpha1_serviceaccountaccess.yaml @@ -0,0 +1,501 @@ + +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.6.2 + creationTimestamp: null + name: serviceaccountaccesses.policy.kubeedge.io +spec: + group: policy.kubeedge.io + names: + kind: ServiceAccountAccess + listKind: ServiceAccountAccessList + plural: serviceaccountaccesses + shortNames: + - saaccess + singular: serviceaccountaccess + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ServiceAccountAccess is the Schema for the ServiceAccountAccess + API + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this representation + of an object. Servers should convert recognized schemas to the latest + internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST resource this + object represents. Servers may infer this from the endpoint the client + submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + type: object + spec: + description: Spec represents the specification of rbac. + properties: + accessClusterRoleBinding: + description: AccessClusterRoleBinding represents rbac ClusterRoleBinding + plus detailed ClusterRole info. + items: + description: AccessClusterRoleBinding represents rbac ClusterRoleBinding + plus detailed ClusterRole info. + properties: + clusterRoleBinding: + description: ClusterRoleBinding represents rbac ClusterRoleBinding. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of + this representation of an object. Servers should convert + recognized schemas to the latest internal value, and may + reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: Standard object's metadata. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + roleRef: + description: RoleRef can only reference a ClusterRole in + the global namespace. If the RoleRef cannot be resolved, + the Authorizer must return an error. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - apiGroup + - kind + - name + type: object + subjects: + description: Subjects holds references to the objects the + role applies to. + items: + description: Subject contains a reference to the object + or user identities a role binding applies to. This + can either hold a direct API object reference, or a + value for non-objects such as user and group names. + properties: + apiGroup: + description: APIGroup holds the API group of the referenced + subject. Defaults to "" for ServiceAccount subjects. + Defaults to "rbac.authorization.k8s.io" for User + and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values + defined by this API group are "User", "Group", and + "ServiceAccount". If the Authorizer does not recognized + the kind value, the Authorizer should report an + error. + type: string + name: + description: Name of the object being referenced. + type: string + namespace: + description: Namespace of the referenced object. If + the object kind is non-namespace, such as "User" + or "Group", and this value is not empty the Authorizer + should report an error. + type: string + required: + - kind + - name + type: object + type: array + required: + - roleRef + type: object + rules: + description: Rules contains role rules. + items: + description: PolicyRule holds information that describes a + policy rule, but does not contain information about who + the rule applies to or which namespace the rule applies + to. + properties: + apiGroups: + description: APIGroups is the name of the APIGroup that + contains the resources. If multiple API groups are + specified, any action requested against one of the enumerated + resources in any API group will be allowed. + items: + type: string + type: array + nonResourceURLs: + description: NonResourceURLs is a set of partial urls + that a user should have access to. *s are allowed, + but only as the full, final step in the path Since non-resource + URLs are not namespaced, this field is only applicable + for ClusterRoles referenced from a ClusterRoleBinding. + Rules can either apply to API resources (such as "pods" + or "secrets") or non-resource URL paths (such as "/api"), but + not both. + items: + type: string + type: array + resourceNames: + description: ResourceNames is an optional white list of + names that the rule applies to. An empty set means + that everything is allowed. + items: + type: string + type: array + resources: + description: Resources is a list of resources this rule + applies to. '*' represents all resources. + items: + type: string + type: array + verbs: + description: Verbs is a list of Verbs that apply to ALL + the ResourceKinds contained in this rule. '*' represents + all verbs. + items: + type: string + type: array + required: + - verbs + type: object + type: array + type: object + type: array + accessRoleBinding: + description: AccessRoleBinding represents rbac rolebinding plus detailed + role info. + items: + description: AccessRoleBinding represents rbac rolebinding plus + detailed role info. + properties: + roleBinding: + description: RoleBinding represents rbac rolebinding. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of + this representation of an object. Servers should convert + recognized schemas to the latest internal value, and may + reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + kind: + description: 'Kind is a string value representing the REST + resource this object represents. Servers may infer this + from the endpoint the client submits requests to. Cannot + be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: Standard object's metadata. + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + roleRef: + description: RoleRef can reference a Role in the current + namespace or a ClusterRole in the global namespace. If + the RoleRef cannot be resolved, the Authorizer must return + an error. + properties: + apiGroup: + description: APIGroup is the group for the resource + being referenced + type: string + kind: + description: Kind is the type of resource being referenced + type: string + name: + description: Name is the name of resource being referenced + type: string + required: + - apiGroup + - kind + - name + type: object + subjects: + description: Subjects holds references to the objects the + role applies to. + items: + description: Subject contains a reference to the object + or user identities a role binding applies to. This + can either hold a direct API object reference, or a + value for non-objects such as user and group names. + properties: + apiGroup: + description: APIGroup holds the API group of the referenced + subject. Defaults to "" for ServiceAccount subjects. + Defaults to "rbac.authorization.k8s.io" for User + and Group subjects. + type: string + kind: + description: Kind of object being referenced. Values + defined by this API group are "User", "Group", and + "ServiceAccount". If the Authorizer does not recognized + the kind value, the Authorizer should report an + error. + type: string + name: + description: Name of the object being referenced. + type: string + namespace: + description: Namespace of the referenced object. If + the object kind is non-namespace, such as "User" + or "Group", and this value is not empty the Authorizer + should report an error. + type: string + required: + - kind + - name + type: object + type: array + required: + - roleRef + type: object + rules: + description: Rules contains role rules. + items: + description: PolicyRule holds information that describes a + policy rule, but does not contain information about who + the rule applies to or which namespace the rule applies + to. + properties: + apiGroups: + description: APIGroups is the name of the APIGroup that + contains the resources. If multiple API groups are + specified, any action requested against one of the enumerated + resources in any API group will be allowed. + items: + type: string + type: array + nonResourceURLs: + description: NonResourceURLs is a set of partial urls + that a user should have access to. *s are allowed, + but only as the full, final step in the path Since non-resource + URLs are not namespaced, this field is only applicable + for ClusterRoles referenced from a ClusterRoleBinding. + Rules can either apply to API resources (such as "pods" + or "secrets") or non-resource URL paths (such as "/api"), but + not both. + items: + type: string + type: array + resourceNames: + description: ResourceNames is an optional white list of + names that the rule applies to. An empty set means + that everything is allowed. + items: + type: string + type: array + resources: + description: Resources is a list of resources this rule + applies to. '*' represents all resources. + items: + type: string + type: array + verbs: + description: Verbs is a list of Verbs that apply to ALL + the ResourceKinds contained in this rule. '*' represents + all verbs. + items: + type: string + type: array + required: + - verbs + type: object + type: array + type: object + type: array + serviceAccount: + description: ServiceAccount is one-to-one corresponding relations + with the serviceaccountaccess. + properties: + apiVersion: + description: 'APIVersion defines the versioned schema of this + representation of an object. Servers should convert recognized + schemas to the latest internal value, and may reject unrecognized + values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + type: string + automountServiceAccountToken: + description: AutomountServiceAccountToken indicates whether pods + running as this service account should have an API token automatically + mounted. Can be overridden at the pod level. + type: boolean + imagePullSecrets: + description: 'ImagePullSecrets is a list of references to secrets + in the same namespace to use for pulling any images in pods + that reference this ServiceAccount. ImagePullSecrets are distinct + from Secrets because Secrets can be mounted in the pod, but + ImagePullSecrets are only accessed by the kubelet. More info: + https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod' + items: + description: LocalObjectReference contains enough information + to let you locate the referenced object inside the same namespace. + properties: + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Add other useful fields. apiVersion, kind, uid?' + type: string + type: object + type: array + kind: + description: 'Kind is a string value representing the REST resource + this object represents. Servers may infer this from the endpoint + the client submits requests to. Cannot be updated. In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + metadata: + description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + type: object + finalizers: + items: + type: string + type: array + labels: + additionalProperties: + type: string + type: object + name: + type: string + namespace: + type: string + type: object + secrets: + description: 'Secrets is the list of secrets allowed to be used + by pods running using this ServiceAccount. More info: https://kubernetes.io/docs/concepts/configuration/secret' + items: + description: 'ObjectReference contains enough information to + let you inspect or modify the referred object. --- New uses + of this type are discouraged because of difficulty describing + its usage when embedded in APIs. 1. Ignored fields. It includes + many fields which are not generally honored. For instance, + ResourceVersion and FieldPath are both very rarely valid in + actual usage. 2. Invalid usage help. It is impossible to + add specific help for individual usage. In most embedded + usages, there are particular restrictions like, "must + refer only to types A and B" or "UID not honored" or "name + must be restricted". Those cannot be well described when + embedded. 3. Inconsistent validation. Because the usages + are different, the validation rules are different by usage, + which makes it hard for users to predict what will happen. 4. + The fields are both imprecise and overly precise. Kind is + not a precise mapping to a URL. This can produce ambiguity during + interpretation and require a REST mapping. In most cases, + the dependency is on the group,resource tuple and the + version of the actual struct is irrelevant. 5. We cannot + easily change it. Because this type is embedded in many locations, + updates to this type will affect numerous schemas. Don''t + make new APIs embed an underspecified API type they do not + control. Instead of using this type, create a locally provided + and used type that is well-focused on your reference. For + example, ServiceReferences for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533 + .' + properties: + apiVersion: + description: API version of the referent. + type: string + fieldPath: + description: 'If referring to a piece of an object instead + of an entire object, this string should contain a valid + JSON/Go field access statement, such as desiredState.manifest.containers[2]. + For example, if the object reference is to a container + within a pod, this would take on a value like: "spec.containers{name}" + (where "name" refers to the name of the container that + triggered the event) or if no container name is specified + "spec.containers[2]" (container with index 2 in this pod). + This syntax is chosen only to have some well-defined way + of referencing a part of an object. TODO: this design + is not final and this field is subject to change in the + future.' + type: string + kind: + description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + type: string + name: + description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names' + type: string + namespace: + description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/' + type: string + resourceVersion: + description: 'Specific resourceVersion to which this reference + is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency' + type: string + uid: + description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids' + type: string + type: object + type: array + type: object + serviceAccountUid: + description: ServiceAccountUID is the uid of serviceaccount. + type: string + type: object + status: + description: Status represents the node list which store the rules. + properties: + nodeList: + description: NodeList represents the node name which store the rules. + items: + type: string + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +status: + acceptedNames: + kind: "" + plural: "" + conditions: [] + storedVersions: [] |