v1alpha1

type NamespaceTemplate ¶

type NamespaceTemplate struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec NamespaceTemplateSpec `json:"spec"`
}

NamespaceTemplate defines a template of resources to be created inside a namespace.

func (in *NamespaceTemplate) DeepCopy() *NamespaceTemplate

func (in *NamespaceTemplate) DeepCopyInto(out *NamespaceTemplate)

func (in *NamespaceTemplate) DeepCopyObject() runtime.Object

type NamespaceTemplateList ¶

type NamespaceTemplateList struct {
	metav1.TypeMeta `json:",inline"`
	// ListMeta is standard list metadata
	// +optional
	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

	// Items are list of NamespaceTemplate objects.
	Items []NamespaceTemplate `json:"items" protobuf:"bytes,2,rep,name=items`
}

func (in *NamespaceTemplateList) DeepCopy() *NamespaceTemplateList

func (in *NamespaceTemplateList) DeepCopyInto(out *NamespaceTemplateList)

func (in *NamespaceTemplateList) DeepCopyObject() runtime.Object

type NamespaceTemplateSpec ¶

type NamespaceTemplateSpec struct {
	Templates []apirt.RawExtension `json:"templates"`
}

NamespaceTemplateSpec defines the details in a NamespaceTemplate resource. The list of Templates is used for generating a manifest file containing all resources and shell-out to "kubectl apply" (let kubelet to handle the resource diff and merge, and don't re-implement this black-magic in client code) to be applied in a namespace. An example of a NamespaceTemplate will be something like:

apiVersion: tenants.k8s.io/v1alpha1 kind: NamespaceTemplate metadata:

name: restricted

spec:

templates:
- apiVersion: rbac.authorization.k8s.io/v1
  kind: RoleBinding
  metadata:
    name: 'multitenancy:podsecuritypolicy'
  roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: 'multitenancy:use-psp:restricted'
  subjects:
  - kind: Group
    apiGroup: rbac.authorization.k8s.io
    name: system:serviceaccounts
- apiVersion: networking.k8s.io/v1
  kind: NetworkPolicy
  metadata:
    name: multitenancy-default
  spec:
    podSelector: {}
    policyTypes:
    - Ingress
    - Egress

func (in *NamespaceTemplateSpec) DeepCopy() *NamespaceTemplateSpec

func (in *NamespaceTemplateSpec) DeepCopyInto(out *NamespaceTemplateSpec)

type Tenant ¶

type Tenant struct {
	metav1.TypeMeta `json:",inline"`
	// ObjectMeta is standard object metadata
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

	// Spec is the details of the tenant.
	// +optional
	Spec TenantSpec `json:"spec" protobuf:"bytes,2,opt,name=spec"`

	// Status is the status of the tenant.
	// +optional
	Status TenantStatus `json:"status" protobuf:"bytes,3,opt,name=status"`
}

Tenant is the resource represents a group of users belonging to the same tenant. A Tenant is a grouping concept of resources belong to a group of users (the tenant). Under a tenant, one or more namespaces are created. The OwerReferences in namespace resource will point to this Tenant resource, so once the Tenant resource is deleted, the namespaces will be garbage collected. Beyond this, the following labels are proposed to be associated with namespaces:

tenants.k8s.io/tenant=<name of Tenant resource>

func (in *Tenant) DeepCopy() *Tenant

func (in *Tenant) DeepCopyInto(out *Tenant)

func (in *Tenant) DeepCopyObject() runtime.Object

type TenantList ¶

type TenantList struct {
	metav1.TypeMeta `json:",inline"`
	// ListMeta is standard list metadata
	// +optional
	metav1.ListMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

	// Items are list of Tenant objects.
	Items []Tenant `json:"items" protobuf:"bytes,2,rep,name=items`
}

func (in *TenantList) DeepCopy() *TenantList

func (in *TenantList) DeepCopyInto(out *TenantList)

func (in *TenantList) DeepCopyObject() runtime.Object

type TenantNamespace ¶

type TenantNamespace struct {
	Name     string `json:"name"`
	Template string `json:"template"`
}

TenantNamespace defines the namespaces belonging to this tenant.

func (in *TenantNamespace) DeepCopy() *TenantNamespace

func (in *TenantNamespace) DeepCopyInto(out *TenantNamespace)

type TenantPhase ¶

type TenantPhase string

TenantPhase defines the phase of tenant status.

const (
	// TenantPending means the tenant is going to be created, but not happening yet.
	// This is set right after the tenant is created.
	TenantPending TenantPhase = "Pending"
	// TenantCreating means tenant is being created.
	TenantCreating TenantPhase = "Creating"
	// TenantActive means tenant is ready and being used.
	TenantActive TenantPhase = "Active"
	// TenantTerminating means tenant is being removed.
	TenantTerminating TenantPhase = "Terminating"
)

type TenantSpec ¶

type TenantSpec struct {
	// Admins are the identities with admin privilege in namespaces.
	// +optional
	Admins []rbacv1.Subject `json:"admins"`

	// Namespaces are the namespaces created for the tenant.
	// +optional
	Namespaces []TenantNamespace `json:"namespaces"`
}

TenantSpec defines the spec of a tenant resource. The Tenant controller will use the list of Namespaces here as the source of truth to reconciliate the actual namespaces belong to the tenant. Updating the namespace list here will trigger the reconciliation of namespaces.

func (in *TenantSpec) DeepCopy() *TenantSpec

func (in *TenantSpec) DeepCopyInto(out *TenantSpec)

type TenantStatus ¶

type TenantStatus struct {
	// Phase indicates if the tenant is Pending, Creating, Active or Terminating.
	// +optional
	Phase TenantPhase `json:"phase,omitempty" protobuf:"bytes,1,opt,name=phase,casttype=TenantPhase"`

	// Message provides human-readable information of current status.
	// +optional
	Message string `json:"message,omitempty" protobuf:"bytes,2,opt,name=message"`

	// Reason is a brief CamelCase string describing the status.
	// +optional
	Reason string `json:"reason,omitempty" protobuf:"bytes,3,opt,name=reason"`
}

TenantStatus defines the status of a tenant resource.

func (in *TenantStatus) DeepCopy() *TenantStatus

func (in *TenantStatus) DeepCopyInto(out *TenantStatus)