From 0eec656cc41362d6e026622515604de54ef7a546 Mon Sep 17 00:00:00 2001 From: raffis Date: Fri, 8 Dec 2023 14:40:28 +0100 Subject: [PATCH] fix: reconcilerTemplate metadata spec (#157) --- CONTRIBUTING.md | 11 +- PROJECT | 31 +- api/v1beta1/keycloakrealm_types.go | 30 +- api/v1beta1/zz_generated.deepcopy.go | 49 +- ...cloak.infra.doodle.com_keycloakrealms.yaml | 954 +----------------- ...cloak.infra.doodle.com_keycloakrealms.yaml | 954 +----------------- .../controllers/keycloakrealm_controller.go | 38 +- .../keycloakrealm_controller_test.go | 8 +- 8 files changed, 161 insertions(+), 1914 deletions(-) diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index eb42570e..8f6c42ee 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -1,12 +1,5 @@ ## Release process -### Controller release 1. Merge all pr's to master which need to be part of the new release -2. Create pr to master and bump the kustomization base -3. Push a tag following semantic versioning prefixed by 'v'. Do not create a github release, this is done automatically. -4. Create a new pr and add the following changes: - 1. Bump chart version - 2. Bump charts app version - -### Helm chart change only -1. Bump the helm chart version in the pr \ No newline at end of file +2. Push a tag following semantic versioning prefixed by 'v'. Do not create a github release, this is done automatically. +3. Wait until all artifacts are published. \ No newline at end of file diff --git a/PROJECT b/PROJECT index 257a67b9..4db67bb3 100644 --- a/PROJECT +++ b/PROJECT 
@@ -1,13 +1,34 @@ domain: doodle.com -repo: github.com/DoodleScheduling/keycloak-controller +layout: +- go.kubebuilder.io/v3 +projectName: keycloak-controller +repo: github.com/doodlescheduling/keycloak-controller resources: -- group: keycloak.infra.doodle.com +- api: + crdVersion: v1 + namespaced: true + controller: true + domain: doodle.com + group: keycloak.infra.doodle.com kind: KeycloakRealm + path: github.com/doodlescheduling/keycloak-controller/api/v1beta1 version: v1beta1 -- group: keycloak.infra.doodle.com +- api: + crdVersion: v1 + namespaced: true + controller: true + domain: doodle.com + group: keycloak.infra.doodle.com kind: KeycloakClient + path: github.com/doodlescheduling/keycloak-controller/api/v1beta1 version: v1beta1 -- group: keycloak.infra.doodle.com +- api: + crdVersion: v1 + namespaced: true + controller: true + domain: doodle.com + group: keycloak.infra.doodle.com kind: KeycloakUser + path: github.com/doodlescheduling/keycloak-controller/api/v1beta1 version: v1beta1 -version: "2" +version: "3" \ No newline at end of file diff --git a/api/v1beta1/keycloakrealm_types.go b/api/v1beta1/keycloakrealm_types.go index 9e41610c..37038ca6 100644 --- a/api/v1beta1/keycloakrealm_types.go +++ b/api/v1beta1/keycloakrealm_types.go @@ -68,7 +68,7 @@ type KeycloakRealmSpec struct { // Reconciler defines the pod spec for the reconciler // +optional - ReconcilerTemplate *corev1.Pod `json:"reconcilerTemplate,omitempty"` + ReconcilerTemplate *ReconcilerTemplate `json:"reconcilerTemplate,omitempty"` // Version is the keycloak version // +optional 
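Review bot: The comment above the changed field in `KeycloakRealmSpec` still reads `// Reconciler defines the pod spec for the reconciler`, which no longer matches the field. The field is named `ReconcilerTemplate`, and its new type carries labels and annotations as well as a pod spec. The same sentence is the `reconcilerTemplate` description in the generated CRD, so the stale wording reaches users of the API. I would reword it to `// ReconcilerTemplate is the template (labels, annotations and pod spec) for the reconciler pod.` and regenerate the CRDs. The struct body starts and ends outside this hunk.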
@@ -82,6 +82,34 @@ type KeycloakRealmSpec struct { ResourceSelector *metav1.LabelSelector `json:"resourceSelector,omitempty"` } +type ReconcilerTemplate struct { + // Standard object's metadata. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata + // +optional + ObjectMetadata `json:"metadata,omitempty"` + + // Specification of the desired behavior of the pod. + // More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status + // +optional + Spec corev1.PodSpec `json:"spec,omitempty"` +} + +type ObjectMetadata struct { + // Map of string keys and values that can be used to organize and categorize + // (scope and select) objects. May match selectors of replication controllers + // and services. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels + // +optional + Labels map[string]string `json:"labels,omitempty"` + + // Annotations is an unstructured key value map stored with a resource that may be + // set by external tools to store and retrieve arbitrary metadata. They are not + // queryable and should be preserved when modifying objects. + // More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations + // +optional + Annotations map[string]string `json:"annotations,omitempty"` +} + // SecretReference is a named reference to a secret which contains user credentials type SecretReference struct { // Name referrs to the name of the secret, must be located whithin the same namespace diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go index b096d26b..4b70c966 100644 --- a/api/v1beta1/zz_generated.deepcopy.go +++ b/api/v1beta1/zz_generated.deepcopy.go 
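Review bot: `Spec corev1.PodSpec` in the new `ReconcilerTemplate` type accepts a complete pod spec from whoever may create a KeycloakRealm, and neither the type nor the field says which parts the controller honours or overrides. If the controller builds the reconciler pod from this template (its hunks are not visible here, so this is an assumption), write access to KeycloakRealm amounts to running a pod with a chosen `serviceAccountName`, `hostNetwork`, volumes and `securityContext` in that namespace. The controller should then pin or reject those fields, or the docs should tell operators to scope KeycloakRealm RBAC like pod-create RBAC and to enforce Pod Security admission on the namespace. Both exported types also lack a doc comment; I would add `// ReconcilerTemplate is the user-supplied template for the reconciler pod; only labels, annotations and spec are accepted.` and `// ObjectMetadata is the subset of object metadata (labels and annotations) that a template may set.` Separately, `omitempty` on the non-pointer `Spec` field has no effect in encoding/json, so an empty `spec` object is always serialised.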
@@ -22,7 +22,6 @@ limitations under the License. package v1beta1 import ( - corev1 "k8s.io/api/core/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -1026,7 +1025,7 @@ func (in *KeycloakRealmSpec) DeepCopyInto(out *KeycloakRealmSpec) { } if in.ReconcilerTemplate != nil { in, out := &in.ReconcilerTemplate, &out.ReconcilerTemplate - *out = new(corev1.Pod) + *out = new(ReconcilerTemplate) (*in).DeepCopyInto(*out) } in.Realm.DeepCopyInto(&out.Realm) 
@@ -1304,6 +1303,52 @@ func (in *MappingsRepresentation) DeepCopy() *MappingsRepresentation { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ObjectMetadata) DeepCopyInto(out *ObjectMetadata) { + *out = *in + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.Annotations != nil { + in, out := &in.Annotations, &out.Annotations + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectMetadata. +func (in *ObjectMetadata) DeepCopy() *ObjectMetadata { + if in == nil { + return nil + } + out := new(ObjectMetadata) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ReconcilerTemplate) DeepCopyInto(out *ReconcilerTemplate) { + *out = *in + in.ObjectMetadata.DeepCopyInto(&out.ObjectMetadata) + in.Spec.DeepCopyInto(&out.Spec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ReconcilerTemplate. +func (in *ReconcilerTemplate) DeepCopy() *ReconcilerTemplate { + if in == nil { + return nil + } + out := new(ReconcilerTemplate) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RedirectorIdentityProviderOverride) DeepCopyInto(out *RedirectorIdentityProviderOverride) { *out = *in diff --git a/chart/keycloak-controller/crds/keycloak.infra.doodle.com_keycloakrealms.yaml b/chart/keycloak-controller/crds/keycloak.infra.doodle.com_keycloakrealms.yaml index e961a191..aca55fd9 100644 --- a/chart/keycloak-controller/crds/keycloak.infra.doodle.com_keycloakrealms.yaml 
+++ b/chart/keycloak-controller/crds/keycloak.infra.doodle.com_keycloakrealms.yaml @@ -1512,20 +1512,26 @@ spec: reconcilerTemplate: description: Reconciler defines the pod spec for the reconciler properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string metadata: description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels' + type: object type: object spec: description: 'Specification of the desired behavior of the pod. 
@@ -9013,930 +9019,6 @@ spec: required: - containers type: object - status: - description: 'Most recently observed status of the pod. This data - may not be up to date. Populated by the system. Read-only. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - properties: - conditions: - description: 'Current service state of pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions' - items: - description: PodCondition contains details for the current - condition of this pod. - properties: - lastProbeTime: - description: Last time we probed the condition. - format: date-time - type: string - lastTransitionTime: - description: Last time the condition transitioned from - one status to another. - format: date-time - type: string - message: - description: Human-readable message indicating details - about last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for - the condition's last transition. - type: string - status: - description: 'Status is the status of the condition. - Can be True, False, Unknown. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions' - type: string - type: - description: 'Type is the type of the condition. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions' - type: string - required: - - status - - type - type: object - type: array - containerStatuses: - description: 'The list has one entry per container in the - manifest. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status' - items: - description: ContainerStatus contains details for the current - status of this container. 
- properties: - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: AllocatedResources represents the compute - resources allocated for this container by the node. - Kubelet sets this value to Container.Resources.Requests - upon successful pod admission and after successfully - admitting desired pod resize. - type: object - containerID: - description: ContainerID is the ID of the container - in the format '://'. Where type - is a container runtime identifier, returned from Version - call of CRI API (for example "containerd"). - type: string - image: - description: 'Image is the name of container image that - the container is running. The container image may - not match the image used in the PodSpec, as it may - have been resolved by the runtime. More info: https://kubernetes.io/docs/concepts/containers/images.' - type: string - imageID: - description: ImageID is the image ID of the container's - image. The image ID may not match the image ID of - the image used in the PodSpec, as it may have been - resolved by the runtime. - type: string - lastState: - description: LastTerminationState holds the last termination - state of the container to help debug container crashes - and restarts. This field is not populated if the container - is still running and RestartCount is 0. 
- properties: - running: - description: Details about a running container - properties: - startedAt: - description: Time at which the container was - last (re-)started - format: date-time - type: string - type: object - terminated: - description: Details about a terminated container - properties: - containerID: - description: Container's ID in the format '://' - type: string - exitCode: - description: Exit status from the last termination - of the container - format: int32 - type: integer - finishedAt: - description: Time at which the container last - terminated - format: date-time - type: string - message: - description: Message regarding the last termination - of the container - type: string - reason: - description: (brief) reason from the last termination - of the container - type: string - signal: - description: Signal from the last termination - of the container - format: int32 - type: integer - startedAt: - description: Time at which previous execution - of the container started - format: date-time - type: string - required: - - exitCode - type: object - waiting: - description: Details about a waiting container - properties: - message: - description: Message regarding why the container - is not yet running. - type: string - reason: - description: (brief) reason the container is - not yet running. - type: string - type: object - type: object - name: - description: Name is a DNS_LABEL representing the unique - name of the container. Each container in a pod must - have a unique name across all container types. Cannot - be updated. - type: string - ready: - description: "Ready specifies whether the container - is currently passing its readiness check. The value - will change as readiness probes keep executing. If - no readiness probes are specified, this field defaults - to true once the container is fully started (see Started - field). \n The value is typically used to determine - whether a container is ready to accept traffic." 
- type: boolean - resources: - description: Resources represents the compute resource - requests and limits that have been successfully enacted - on the running container after it has been started - or has been successfully resized. - properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field and - requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can - only be set for containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the - Pod where this field is used. It makes that - resource available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartCount: - description: RestartCount holds the number of times - the container has been restarted. Kubelet makes an - effort to always increment the value, but there are - cases when the state may be lost due to node restarts - and then the value may be reset to 0. The value is - never negative. - format: int32 - type: integer - started: - description: Started indicates whether the container - has finished its postStart lifecycle hook and passed - its startup probe. Initialized as false, becomes true - after startupProbe is considered successful. Resets - to false when the container is restarted, or if kubelet - loses state temporarily. In both cases, startup probes - will run again. Is always true when no startupProbe - is defined and container is running and has passed - the postStart lifecycle hook. The null value must - be treated the same as false. - type: boolean - state: - description: State holds details about the container's - current condition. 
- properties: - running: - description: Details about a running container - properties: - startedAt: - description: Time at which the container was - last (re-)started - format: date-time - type: string - type: object - terminated: - description: Details about a terminated container - properties: - containerID: - description: Container's ID in the format '://' - type: string - exitCode: - description: Exit status from the last termination - of the container - format: int32 - type: integer - finishedAt: - description: Time at which the container last - terminated - format: date-time - type: string - message: - description: Message regarding the last termination - of the container - type: string - reason: - description: (brief) reason from the last termination - of the container - type: string - signal: - description: Signal from the last termination - of the container - format: int32 - type: integer - startedAt: - description: Time at which previous execution - of the container started - format: date-time - type: string - required: - - exitCode - type: object - waiting: - description: Details about a waiting container - properties: - message: - description: Message regarding why the container - is not yet running. - type: string - reason: - description: (brief) reason the container is - not yet running. - type: string - type: object - type: object - required: - - image - - imageID - - name - - ready - - restartCount - type: object - type: array - ephemeralContainerStatuses: - description: Status for any ephemeral containers that have - run in this pod. - items: - description: ContainerStatus contains details for the current - status of this container. 
- properties: - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: AllocatedResources represents the compute - resources allocated for this container by the node. - Kubelet sets this value to Container.Resources.Requests - upon successful pod admission and after successfully - admitting desired pod resize. - type: object - containerID: - description: ContainerID is the ID of the container - in the format '://'. Where type - is a container runtime identifier, returned from Version - call of CRI API (for example "containerd"). - type: string - image: - description: 'Image is the name of container image that - the container is running. The container image may - not match the image used in the PodSpec, as it may - have been resolved by the runtime. More info: https://kubernetes.io/docs/concepts/containers/images.' - type: string - imageID: - description: ImageID is the image ID of the container's - image. The image ID may not match the image ID of - the image used in the PodSpec, as it may have been - resolved by the runtime. - type: string - lastState: - description: LastTerminationState holds the last termination - state of the container to help debug container crashes - and restarts. This field is not populated if the container - is still running and RestartCount is 0. 
- properties: - running: - description: Details about a running container - properties: - startedAt: - description: Time at which the container was - last (re-)started - format: date-time - type: string - type: object - terminated: - description: Details about a terminated container - properties: - containerID: - description: Container's ID in the format '://' - type: string - exitCode: - description: Exit status from the last termination - of the container - format: int32 - type: integer - finishedAt: - description: Time at which the container last - terminated - format: date-time - type: string - message: - description: Message regarding the last termination - of the container - type: string - reason: - description: (brief) reason from the last termination - of the container - type: string - signal: - description: Signal from the last termination - of the container - format: int32 - type: integer - startedAt: - description: Time at which previous execution - of the container started - format: date-time - type: string - required: - - exitCode - type: object - waiting: - description: Details about a waiting container - properties: - message: - description: Message regarding why the container - is not yet running. - type: string - reason: - description: (brief) reason the container is - not yet running. - type: string - type: object - type: object - name: - description: Name is a DNS_LABEL representing the unique - name of the container. Each container in a pod must - have a unique name across all container types. Cannot - be updated. - type: string - ready: - description: "Ready specifies whether the container - is currently passing its readiness check. The value - will change as readiness probes keep executing. If - no readiness probes are specified, this field defaults - to true once the container is fully started (see Started - field). \n The value is typically used to determine - whether a container is ready to accept traffic." 
- type: boolean - resources: - description: Resources represents the compute resource - requests and limits that have been successfully enacted - on the running container after it has been started - or has been successfully resized. - properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field and - requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can - only be set for containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the - Pod where this field is used. It makes that - resource available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartCount: - description: RestartCount holds the number of times - the container has been restarted. Kubelet makes an - effort to always increment the value, but there are - cases when the state may be lost due to node restarts - and then the value may be reset to 0. The value is - never negative. - format: int32 - type: integer - started: - description: Started indicates whether the container - has finished its postStart lifecycle hook and passed - its startup probe. Initialized as false, becomes true - after startupProbe is considered successful. Resets - to false when the container is restarted, or if kubelet - loses state temporarily. In both cases, startup probes - will run again. Is always true when no startupProbe - is defined and container is running and has passed - the postStart lifecycle hook. The null value must - be treated the same as false. - type: boolean - state: - description: State holds details about the container's - current condition. 
- properties: - running: - description: Details about a running container - properties: - startedAt: - description: Time at which the container was - last (re-)started - format: date-time - type: string - type: object - terminated: - description: Details about a terminated container - properties: - containerID: - description: Container's ID in the format '://' - type: string - exitCode: - description: Exit status from the last termination - of the container - format: int32 - type: integer - finishedAt: - description: Time at which the container last - terminated - format: date-time - type: string - message: - description: Message regarding the last termination - of the container - type: string - reason: - description: (brief) reason from the last termination - of the container - type: string - signal: - description: Signal from the last termination - of the container - format: int32 - type: integer - startedAt: - description: Time at which previous execution - of the container started - format: date-time - type: string - required: - - exitCode - type: object - waiting: - description: Details about a waiting container - properties: - message: - description: Message regarding why the container - is not yet running. - type: string - reason: - description: (brief) reason the container is - not yet running. - type: string - type: object - type: object - required: - - image - - imageID - - name - - ready - - restartCount - type: object - type: array - hostIP: - description: IP address of the host to which the pod is assigned. - Empty if not yet scheduled. - type: string - initContainerStatuses: - description: 'The list has one entry per init container in - the manifest. The most recent successful init container - will have ready = true, the most recently started container - will have startTime set. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status' - items: - description: ContainerStatus contains details for the current - status of this container. - properties: - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: AllocatedResources represents the compute - resources allocated for this container by the node. - Kubelet sets this value to Container.Resources.Requests - upon successful pod admission and after successfully - admitting desired pod resize. - type: object - containerID: - description: ContainerID is the ID of the container - in the format '://'. Where type - is a container runtime identifier, returned from Version - call of CRI API (for example "containerd"). - type: string - image: - description: 'Image is the name of container image that - the container is running. The container image may - not match the image used in the PodSpec, as it may - have been resolved by the runtime. More info: https://kubernetes.io/docs/concepts/containers/images.' - type: string - imageID: - description: ImageID is the image ID of the container's - image. The image ID may not match the image ID of - the image used in the PodSpec, as it may have been - resolved by the runtime. - type: string - lastState: - description: LastTerminationState holds the last termination - state of the container to help debug container crashes - and restarts. This field is not populated if the container - is still running and RestartCount is 0. 
- properties: - running: - description: Details about a running container - properties: - startedAt: - description: Time at which the container was - last (re-)started - format: date-time - type: string - type: object - terminated: - description: Details about a terminated container - properties: - containerID: - description: Container's ID in the format '://' - type: string - exitCode: - description: Exit status from the last termination - of the container - format: int32 - type: integer - finishedAt: - description: Time at which the container last - terminated - format: date-time - type: string - message: - description: Message regarding the last termination - of the container - type: string - reason: - description: (brief) reason from the last termination - of the container - type: string - signal: - description: Signal from the last termination - of the container - format: int32 - type: integer - startedAt: - description: Time at which previous execution - of the container started - format: date-time - type: string - required: - - exitCode - type: object - waiting: - description: Details about a waiting container - properties: - message: - description: Message regarding why the container - is not yet running. - type: string - reason: - description: (brief) reason the container is - not yet running. - type: string - type: object - type: object - name: - description: Name is a DNS_LABEL representing the unique - name of the container. Each container in a pod must - have a unique name across all container types. Cannot - be updated. - type: string - ready: - description: "Ready specifies whether the container - is currently passing its readiness check. The value - will change as readiness probes keep executing. If - no readiness probes are specified, this field defaults - to true once the container is fully started (see Started - field). \n The value is typically used to determine - whether a container is ready to accept traffic." 
- type: boolean - resources: - description: Resources represents the compute resource - requests and limits that have been successfully enacted - on the running container after it has been started - or has been successfully resized. - properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field and - requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can - only be set for containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the - Pod where this field is used. It makes that - resource available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartCount: - description: RestartCount holds the number of times - the container has been restarted. Kubelet makes an - effort to always increment the value, but there are - cases when the state may be lost due to node restarts - and then the value may be reset to 0. The value is - never negative. - format: int32 - type: integer - started: - description: Started indicates whether the container - has finished its postStart lifecycle hook and passed - its startup probe. Initialized as false, becomes true - after startupProbe is considered successful. Resets - to false when the container is restarted, or if kubelet - loses state temporarily. In both cases, startup probes - will run again. Is always true when no startupProbe - is defined and container is running and has passed - the postStart lifecycle hook. The null value must - be treated the same as false. - type: boolean - state: - description: State holds details about the container's - current condition. 
- properties: - running: - description: Details about a running container - properties: - startedAt: - description: Time at which the container was - last (re-)started - format: date-time - type: string - type: object - terminated: - description: Details about a terminated container - properties: - containerID: - description: Container's ID in the format '://' - type: string - exitCode: - description: Exit status from the last termination - of the container - format: int32 - type: integer - finishedAt: - description: Time at which the container last - terminated - format: date-time - type: string - message: - description: Message regarding the last termination - of the container - type: string - reason: - description: (brief) reason from the last termination - of the container - type: string - signal: - description: Signal from the last termination - of the container - format: int32 - type: integer - startedAt: - description: Time at which previous execution - of the container started - format: date-time - type: string - required: - - exitCode - type: object - waiting: - description: Details about a waiting container - properties: - message: - description: Message regarding why the container - is not yet running. - type: string - reason: - description: (brief) reason the container is - not yet running. - type: string - type: object - type: object - required: - - image - - imageID - - name - - ready - - restartCount - type: object - type: array - message: - description: A human readable message indicating details about - why the pod is in this condition. - type: string - nominatedNodeName: - description: nominatedNodeName is set only when this pod preempts - other pods on the node, but it cannot be scheduled right - away as preemption victims receive their graceful termination - periods. This field does not guarantee that the pod will - be scheduled on this node. Scheduler may decide to place - the pod elsewhere if other nodes become available sooner. 
- Scheduler may also decide to give the resources on this - node to a higher priority pod that is created after preemption. - As a result, this field may be different than PodSpec.nodeName - when the pod is scheduled. - type: string - phase: - description: "The phase of a Pod is a simple, high-level summary - of where the Pod is in its lifecycle. The conditions array, - the reason and message fields, and the individual container - status arrays contain more detail about the pod's status. - There are five possible phase values: \n Pending: The pod - has been accepted by the Kubernetes system, but one or more - of the container images has not been created. This includes - time before being scheduled as well as time spent downloading - images over the network, which could take a while. Running: - The pod has been bound to a node, and all of the containers - have been created. At least one container is still running, - or is in the process of starting or restarting. Succeeded: - All containers in the pod have terminated in success, and - will not be restarted. Failed: All containers in the pod - have terminated, and at least one container has terminated - in failure. The container either exited with non-zero status - or was terminated by the system. Unknown: For some reason - the state of the pod could not be obtained, typically due - to an error in communicating with the host of the pod. \n - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase" - type: string - podIP: - description: IP address allocated to the pod. Routable at - least within the cluster. Empty if not yet allocated. - type: string - podIPs: - description: podIPs holds the IP addresses allocated to the - pod. If this field is specified, the 0th entry must match - the podIP field. Pods may be allocated at most 1 value for - each of IPv4 and IPv6. This list is empty if no IPs have - been allocated yet. 
- items: - description: "IP address information for entries in the - (plural) PodIPs field. Each entry includes: \n IP: An - IP address allocated to the pod. Routable at least within - the cluster." - properties: - ip: - description: ip is an IP address (IPv4 or IPv6) assigned - to the pod - type: string - type: object - type: array - qosClass: - description: 'The Quality of Service (QOS) classification - assigned to the pod based on resource requirements See PodQOSClass - type for available QOS classes More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes' - type: string - reason: - description: A brief CamelCase message indicating details - about why the pod is in this state. e.g. 'Evicted' - type: string - resize: - description: Status of resources resize desired for pod's - containers. It is empty if no resources resize is pending. - Any changes to container resources will automatically set - this to "Proposed" - type: string - startTime: - description: RFC 3339 date and time at which the object was - acknowledged by the Kubelet. This is before the Kubelet - pulled the container image(s) for the pod. - format: date-time - type: string - type: object type: object resourceSelector: description: ResourceSelector defines a selector to select keycloak diff --git a/config/base/crd/bases/keycloak.infra.doodle.com_keycloakrealms.yaml b/config/base/crd/bases/keycloak.infra.doodle.com_keycloakrealms.yaml index e961a191..aca55fd9 100644 --- a/config/base/crd/bases/keycloak.infra.doodle.com_keycloakrealms.yaml +++ b/config/base/crd/bases/keycloak.infra.doodle.com_keycloakrealms.yaml 
@@ -1512,20 +1512,26 @@ spec: reconcilerTemplate: description: Reconciler defines the pod spec for the reconciler properties: - apiVersion: - description: 'APIVersion defines the versioned schema of this - representation of an object. Servers should convert recognized - schemas to the latest internal value, and may reject unrecognized - values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' - type: string - kind: - description: 'Kind is a string value representing the REST resource - this object represents. Servers may infer this from the endpoint - the client submits requests to. Cannot be updated. In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' - type: string metadata: description: 'Standard object''s metadata. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata' + properties: + annotations: + additionalProperties: + type: string + description: 'Annotations is an unstructured key value map + stored with a resource that may be set by external tools + to store and retrieve arbitrary metadata. They are not queryable + and should be preserved when modifying objects. More info: + https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations' + type: object + labels: + additionalProperties: + type: string + description: 'Map of string keys and values that can be used + to organize and categorize (scope and select) objects. May + match selectors of replication controllers and services. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels' + type: object type: object spec: description: 'Specification of the desired behavior of the pod. 
@@ -9013,930 +9019,6 @@ spec: required: - containers type: object - status: - description: 'Most recently observed status of the pod. This data - may not be up to date. Populated by the system. Read-only. More - info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status' - properties: - conditions: - description: 'Current service state of pod. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions' - items: - description: PodCondition contains details for the current - condition of this pod. - properties: - lastProbeTime: - description: Last time we probed the condition. - format: date-time - type: string - lastTransitionTime: - description: Last time the condition transitioned from - one status to another. - format: date-time - type: string - message: - description: Human-readable message indicating details - about last transition. - type: string - reason: - description: Unique, one-word, CamelCase reason for - the condition's last transition. - type: string - status: - description: 'Status is the status of the condition. - Can be True, False, Unknown. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions' - type: string - type: - description: 'Type is the type of the condition. More - info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-conditions' - type: string - required: - - status - - type - type: object - type: array - containerStatuses: - description: 'The list has one entry per container in the - manifest. More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status' - items: - description: ContainerStatus contains details for the current - status of this container. 
- properties: - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: AllocatedResources represents the compute - resources allocated for this container by the node. - Kubelet sets this value to Container.Resources.Requests - upon successful pod admission and after successfully - admitting desired pod resize. - type: object - containerID: - description: ContainerID is the ID of the container - in the format '://'. Where type - is a container runtime identifier, returned from Version - call of CRI API (for example "containerd"). - type: string - image: - description: 'Image is the name of container image that - the container is running. The container image may - not match the image used in the PodSpec, as it may - have been resolved by the runtime. More info: https://kubernetes.io/docs/concepts/containers/images.' - type: string - imageID: - description: ImageID is the image ID of the container's - image. The image ID may not match the image ID of - the image used in the PodSpec, as it may have been - resolved by the runtime. - type: string - lastState: - description: LastTerminationState holds the last termination - state of the container to help debug container crashes - and restarts. This field is not populated if the container - is still running and RestartCount is 0. 
- properties: - running: - description: Details about a running container - properties: - startedAt: - description: Time at which the container was - last (re-)started - format: date-time - type: string - type: object - terminated: - description: Details about a terminated container - properties: - containerID: - description: Container's ID in the format '://' - type: string - exitCode: - description: Exit status from the last termination - of the container - format: int32 - type: integer - finishedAt: - description: Time at which the container last - terminated - format: date-time - type: string - message: - description: Message regarding the last termination - of the container - type: string - reason: - description: (brief) reason from the last termination - of the container - type: string - signal: - description: Signal from the last termination - of the container - format: int32 - type: integer - startedAt: - description: Time at which previous execution - of the container started - format: date-time - type: string - required: - - exitCode - type: object - waiting: - description: Details about a waiting container - properties: - message: - description: Message regarding why the container - is not yet running. - type: string - reason: - description: (brief) reason the container is - not yet running. - type: string - type: object - type: object - name: - description: Name is a DNS_LABEL representing the unique - name of the container. Each container in a pod must - have a unique name across all container types. Cannot - be updated. - type: string - ready: - description: "Ready specifies whether the container - is currently passing its readiness check. The value - will change as readiness probes keep executing. If - no readiness probes are specified, this field defaults - to true once the container is fully started (see Started - field). \n The value is typically used to determine - whether a container is ready to accept traffic." 
- type: boolean - resources: - description: Resources represents the compute resource - requests and limits that have been successfully enacted - on the running container after it has been started - or has been successfully resized. - properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field and - requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can - only be set for containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the - Pod where this field is used. It makes that - resource available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartCount: - description: RestartCount holds the number of times - the container has been restarted. Kubelet makes an - effort to always increment the value, but there are - cases when the state may be lost due to node restarts - and then the value may be reset to 0. The value is - never negative. - format: int32 - type: integer - started: - description: Started indicates whether the container - has finished its postStart lifecycle hook and passed - its startup probe. Initialized as false, becomes true - after startupProbe is considered successful. Resets - to false when the container is restarted, or if kubelet - loses state temporarily. In both cases, startup probes - will run again. Is always true when no startupProbe - is defined and container is running and has passed - the postStart lifecycle hook. The null value must - be treated the same as false. - type: boolean - state: - description: State holds details about the container's - current condition. 
- properties: - running: - description: Details about a running container - properties: - startedAt: - description: Time at which the container was - last (re-)started - format: date-time - type: string - type: object - terminated: - description: Details about a terminated container - properties: - containerID: - description: Container's ID in the format '://' - type: string - exitCode: - description: Exit status from the last termination - of the container - format: int32 - type: integer - finishedAt: - description: Time at which the container last - terminated - format: date-time - type: string - message: - description: Message regarding the last termination - of the container - type: string - reason: - description: (brief) reason from the last termination - of the container - type: string - signal: - description: Signal from the last termination - of the container - format: int32 - type: integer - startedAt: - description: Time at which previous execution - of the container started - format: date-time - type: string - required: - - exitCode - type: object - waiting: - description: Details about a waiting container - properties: - message: - description: Message regarding why the container - is not yet running. - type: string - reason: - description: (brief) reason the container is - not yet running. - type: string - type: object - type: object - required: - - image - - imageID - - name - - ready - - restartCount - type: object - type: array - ephemeralContainerStatuses: - description: Status for any ephemeral containers that have - run in this pod. - items: - description: ContainerStatus contains details for the current - status of this container. 
- properties: - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: AllocatedResources represents the compute - resources allocated for this container by the node. - Kubelet sets this value to Container.Resources.Requests - upon successful pod admission and after successfully - admitting desired pod resize. - type: object - containerID: - description: ContainerID is the ID of the container - in the format '://'. Where type - is a container runtime identifier, returned from Version - call of CRI API (for example "containerd"). - type: string - image: - description: 'Image is the name of container image that - the container is running. The container image may - not match the image used in the PodSpec, as it may - have been resolved by the runtime. More info: https://kubernetes.io/docs/concepts/containers/images.' - type: string - imageID: - description: ImageID is the image ID of the container's - image. The image ID may not match the image ID of - the image used in the PodSpec, as it may have been - resolved by the runtime. - type: string - lastState: - description: LastTerminationState holds the last termination - state of the container to help debug container crashes - and restarts. This field is not populated if the container - is still running and RestartCount is 0. 
- properties: - running: - description: Details about a running container - properties: - startedAt: - description: Time at which the container was - last (re-)started - format: date-time - type: string - type: object - terminated: - description: Details about a terminated container - properties: - containerID: - description: Container's ID in the format '://' - type: string - exitCode: - description: Exit status from the last termination - of the container - format: int32 - type: integer - finishedAt: - description: Time at which the container last - terminated - format: date-time - type: string - message: - description: Message regarding the last termination - of the container - type: string - reason: - description: (brief) reason from the last termination - of the container - type: string - signal: - description: Signal from the last termination - of the container - format: int32 - type: integer - startedAt: - description: Time at which previous execution - of the container started - format: date-time - type: string - required: - - exitCode - type: object - waiting: - description: Details about a waiting container - properties: - message: - description: Message regarding why the container - is not yet running. - type: string - reason: - description: (brief) reason the container is - not yet running. - type: string - type: object - type: object - name: - description: Name is a DNS_LABEL representing the unique - name of the container. Each container in a pod must - have a unique name across all container types. Cannot - be updated. - type: string - ready: - description: "Ready specifies whether the container - is currently passing its readiness check. The value - will change as readiness probes keep executing. If - no readiness probes are specified, this field defaults - to true once the container is fully started (see Started - field). \n The value is typically used to determine - whether a container is ready to accept traffic." 
- type: boolean - resources: - description: Resources represents the compute resource - requests and limits that have been successfully enacted - on the running container after it has been started - or has been successfully resized. - properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field and - requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can - only be set for containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the - Pod where this field is used. It makes that - resource available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartCount: - description: RestartCount holds the number of times - the container has been restarted. Kubelet makes an - effort to always increment the value, but there are - cases when the state may be lost due to node restarts - and then the value may be reset to 0. The value is - never negative. - format: int32 - type: integer - started: - description: Started indicates whether the container - has finished its postStart lifecycle hook and passed - its startup probe. Initialized as false, becomes true - after startupProbe is considered successful. Resets - to false when the container is restarted, or if kubelet - loses state temporarily. In both cases, startup probes - will run again. Is always true when no startupProbe - is defined and container is running and has passed - the postStart lifecycle hook. The null value must - be treated the same as false. - type: boolean - state: - description: State holds details about the container's - current condition. 
- properties: - running: - description: Details about a running container - properties: - startedAt: - description: Time at which the container was - last (re-)started - format: date-time - type: string - type: object - terminated: - description: Details about a terminated container - properties: - containerID: - description: Container's ID in the format '://' - type: string - exitCode: - description: Exit status from the last termination - of the container - format: int32 - type: integer - finishedAt: - description: Time at which the container last - terminated - format: date-time - type: string - message: - description: Message regarding the last termination - of the container - type: string - reason: - description: (brief) reason from the last termination - of the container - type: string - signal: - description: Signal from the last termination - of the container - format: int32 - type: integer - startedAt: - description: Time at which previous execution - of the container started - format: date-time - type: string - required: - - exitCode - type: object - waiting: - description: Details about a waiting container - properties: - message: - description: Message regarding why the container - is not yet running. - type: string - reason: - description: (brief) reason the container is - not yet running. - type: string - type: object - type: object - required: - - image - - imageID - - name - - ready - - restartCount - type: object - type: array - hostIP: - description: IP address of the host to which the pod is assigned. - Empty if not yet scheduled. - type: string - initContainerStatuses: - description: 'The list has one entry per init container in - the manifest. The most recent successful init container - will have ready = true, the most recently started container - will have startTime set. 
More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-and-container-status' - items: - description: ContainerStatus contains details for the current - status of this container. - properties: - allocatedResources: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: AllocatedResources represents the compute - resources allocated for this container by the node. - Kubelet sets this value to Container.Resources.Requests - upon successful pod admission and after successfully - admitting desired pod resize. - type: object - containerID: - description: ContainerID is the ID of the container - in the format '://'. Where type - is a container runtime identifier, returned from Version - call of CRI API (for example "containerd"). - type: string - image: - description: 'Image is the name of container image that - the container is running. The container image may - not match the image used in the PodSpec, as it may - have been resolved by the runtime. More info: https://kubernetes.io/docs/concepts/containers/images.' - type: string - imageID: - description: ImageID is the image ID of the container's - image. The image ID may not match the image ID of - the image used in the PodSpec, as it may have been - resolved by the runtime. - type: string - lastState: - description: LastTerminationState holds the last termination - state of the container to help debug container crashes - and restarts. This field is not populated if the container - is still running and RestartCount is 0. 
- properties: - running: - description: Details about a running container - properties: - startedAt: - description: Time at which the container was - last (re-)started - format: date-time - type: string - type: object - terminated: - description: Details about a terminated container - properties: - containerID: - description: Container's ID in the format '://' - type: string - exitCode: - description: Exit status from the last termination - of the container - format: int32 - type: integer - finishedAt: - description: Time at which the container last - terminated - format: date-time - type: string - message: - description: Message regarding the last termination - of the container - type: string - reason: - description: (brief) reason from the last termination - of the container - type: string - signal: - description: Signal from the last termination - of the container - format: int32 - type: integer - startedAt: - description: Time at which previous execution - of the container started - format: date-time - type: string - required: - - exitCode - type: object - waiting: - description: Details about a waiting container - properties: - message: - description: Message regarding why the container - is not yet running. - type: string - reason: - description: (brief) reason the container is - not yet running. - type: string - type: object - type: object - name: - description: Name is a DNS_LABEL representing the unique - name of the container. Each container in a pod must - have a unique name across all container types. Cannot - be updated. - type: string - ready: - description: "Ready specifies whether the container - is currently passing its readiness check. The value - will change as readiness probes keep executing. If - no readiness probes are specified, this field defaults - to true once the container is fully started (see Started - field). \n The value is typically used to determine - whether a container is ready to accept traffic." 
- type: boolean - resources: - description: Resources represents the compute resource - requests and limits that have been successfully enacted - on the running container after it has been started - or has been successfully resized. - properties: - claims: - description: "Claims lists the names of resources, - defined in spec.resourceClaims, that are used - by this container. \n This is an alpha field and - requires enabling the DynamicResourceAllocation - feature gate. \n This field is immutable. It can - only be set for containers." - items: - description: ResourceClaim references one entry - in PodSpec.ResourceClaims. - properties: - name: - description: Name must match the name of one - entry in pod.spec.resourceClaims of the - Pod where this field is used. It makes that - resource available inside a container. - type: string - required: - - name - type: object - type: array - x-kubernetes-list-map-keys: - - name - x-kubernetes-list-type: map - limits: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Limits describes the maximum amount - of compute resources allowed. More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - requests: - additionalProperties: - anyOf: - - type: integer - - type: string - pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ - x-kubernetes-int-or-string: true - description: 'Requests describes the minimum amount - of compute resources required. If Requests is - omitted for a container, it defaults to Limits - if that is explicitly specified, otherwise to - an implementation-defined value. Requests cannot - exceed Limits. 
More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/' - type: object - type: object - restartCount: - description: RestartCount holds the number of times - the container has been restarted. Kubelet makes an - effort to always increment the value, but there are - cases when the state may be lost due to node restarts - and then the value may be reset to 0. The value is - never negative. - format: int32 - type: integer - started: - description: Started indicates whether the container - has finished its postStart lifecycle hook and passed - its startup probe. Initialized as false, becomes true - after startupProbe is considered successful. Resets - to false when the container is restarted, or if kubelet - loses state temporarily. In both cases, startup probes - will run again. Is always true when no startupProbe - is defined and container is running and has passed - the postStart lifecycle hook. The null value must - be treated the same as false. - type: boolean - state: - description: State holds details about the container's - current condition. 
- properties: - running: - description: Details about a running container - properties: - startedAt: - description: Time at which the container was - last (re-)started - format: date-time - type: string - type: object - terminated: - description: Details about a terminated container - properties: - containerID: - description: Container's ID in the format '://' - type: string - exitCode: - description: Exit status from the last termination - of the container - format: int32 - type: integer - finishedAt: - description: Time at which the container last - terminated - format: date-time - type: string - message: - description: Message regarding the last termination - of the container - type: string - reason: - description: (brief) reason from the last termination - of the container - type: string - signal: - description: Signal from the last termination - of the container - format: int32 - type: integer - startedAt: - description: Time at which previous execution - of the container started - format: date-time - type: string - required: - - exitCode - type: object - waiting: - description: Details about a waiting container - properties: - message: - description: Message regarding why the container - is not yet running. - type: string - reason: - description: (brief) reason the container is - not yet running. - type: string - type: object - type: object - required: - - image - - imageID - - name - - ready - - restartCount - type: object - type: array - message: - description: A human readable message indicating details about - why the pod is in this condition. - type: string - nominatedNodeName: - description: nominatedNodeName is set only when this pod preempts - other pods on the node, but it cannot be scheduled right - away as preemption victims receive their graceful termination - periods. This field does not guarantee that the pod will - be scheduled on this node. Scheduler may decide to place - the pod elsewhere if other nodes become available sooner. 
- Scheduler may also decide to give the resources on this - node to a higher priority pod that is created after preemption. - As a result, this field may be different than PodSpec.nodeName - when the pod is scheduled. - type: string - phase: - description: "The phase of a Pod is a simple, high-level summary - of where the Pod is in its lifecycle. The conditions array, - the reason and message fields, and the individual container - status arrays contain more detail about the pod's status. - There are five possible phase values: \n Pending: The pod - has been accepted by the Kubernetes system, but one or more - of the container images has not been created. This includes - time before being scheduled as well as time spent downloading - images over the network, which could take a while. Running: - The pod has been bound to a node, and all of the containers - have been created. At least one container is still running, - or is in the process of starting or restarting. Succeeded: - All containers in the pod have terminated in success, and - will not be restarted. Failed: All containers in the pod - have terminated, and at least one container has terminated - in failure. The container either exited with non-zero status - or was terminated by the system. Unknown: For some reason - the state of the pod could not be obtained, typically due - to an error in communicating with the host of the pod. \n - More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#pod-phase" - type: string - podIP: - description: IP address allocated to the pod. Routable at - least within the cluster. Empty if not yet allocated. - type: string - podIPs: - description: podIPs holds the IP addresses allocated to the - pod. If this field is specified, the 0th entry must match - the podIP field. Pods may be allocated at most 1 value for - each of IPv4 and IPv6. This list is empty if no IPs have - been allocated yet. 
- items: - description: "IP address information for entries in the - (plural) PodIPs field. Each entry includes: \n IP: An - IP address allocated to the pod. Routable at least within - the cluster." - properties: - ip: - description: ip is an IP address (IPv4 or IPv6) assigned - to the pod - type: string - type: object - type: array - qosClass: - description: 'The Quality of Service (QOS) classification - assigned to the pod based on resource requirements See PodQOSClass - type for available QOS classes More info: https://kubernetes.io/docs/concepts/workloads/pods/pod-qos/#quality-of-service-classes' - type: string - reason: - description: A brief CamelCase message indicating details - about why the pod is in this state. e.g. 'Evicted' - type: string - resize: - description: Status of resources resize desired for pod's - containers. It is empty if no resources resize is pending. - Any changes to container resources will automatically set - this to "Proposed" - type: string - startTime: - description: RFC 3339 date and time at which the object was - acknowledged by the Kubelet. This is before the Kubelet - pulled the container image(s) for the pod. - format: date-time - type: string - type: object type: object resourceSelector: description: ResourceSelector defines a selector to select keycloak diff --git a/internal/controllers/keycloakrealm_controller.go b/internal/controllers/keycloakrealm_controller.go index 36cde303..93ec2f6b 100644 --- a/internal/controllers/keycloakrealm_controller.go +++ b/internal/controllers/keycloakrealm_controller.go @@ -34,6 +34,7 @@ import ( corev1 "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/rand" 
@@ -166,8 +167,14 @@ func (r *KeycloakRealmReconciler) requestsForChangeBySelector(ctx context.Contex var reqs []reconcile.Request for _, realm := range list.Items { - if matches(o.GetLabels(), realm.Spec.ResourceSelector) { - r.Log.V(1).Info("change of referenced resource detected", "namespace", o.GetNamespace(), "name", o.GetName(), "kind", o.GetObjectKind().GroupVersionKind().Kind, "realm", realm.GetName()) + labelSel, err := metav1.LabelSelectorAsSelector(realm.Spec.ResourceSelector) + if err != nil { + r.Log.Error(err, "can not select resourceSelector selectors") + continue + } + + if labelSel.Matches(labels.Set(o.GetLabels())) { + r.Log.V(1).Info("referenced resource from a KeycloakRealm changed detected", "namespace", realm.GetNamespace(), "realm-name", realm.GetName()) reqs = append(reqs, reconcile.Request{NamespacedName: objectKey(&realm)}) } } @@ -381,7 +388,9 @@ func (r *KeycloakRealmReconciler) podReconcile(ctx context.Context, realm infrav template := &corev1.Pod{} if realm.Spec.ReconcilerTemplate != nil { - template = realm.Spec.ReconcilerTemplate.DeepCopy() + template.ObjectMeta.Labels = realm.Spec.ReconcilerTemplate.Labels + template.ObjectMeta.Annotations = realm.Spec.ReconcilerTemplate.Annotations + realm.Spec.ReconcilerTemplate.Spec.DeepCopyInto(&template.Spec) } template.Name = secret.Name @@ -390,6 +399,8 @@ func (r *KeycloakRealmReconciler) podReconcile(ctx context.Context, realm infrav template.ResourceVersion = "" template.UID = "" + r.Log.Info("reconciler", "template", template.Labels) + if template.Annotations == nil { template.Annotations = make(map[string]string) } 
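Review bot: A realm whose `Spec.ResourceSelector` is nil is no longer requeued by this loop, because `metav1.LabelSelectorAsSelector` returns a match-nothing selector for nil while the removed `matches` helper returned true. If the code that gathers clients and users for a realm (outside this hunk) still treats a missing selector as select-all, a change such as disabling a user would not reach Keycloak until the next scheduled reconcile, so the nil case deserves an explicit branch or at least a comment like `// nil resourceSelector selects nothing, an empty one selects everything`. The `r.Log.Error` call should also name the offending realm, `r.Log.Error(err, "invalid resourceSelector", "namespace", realm.GetNamespace(), "realm", realm.GetName())`, and the V(1) message drops the identity of the changed object that the old line logged. The function starts and ends outside the hunk.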
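Review bot: `template.ObjectMeta.Labels` and `template.ObjectMeta.Annotations` are assigned the maps held by `realm.Spec.ReconcilerTemplate` rather than copies, so any later write to `template.Annotations` or `template.Labels` also writes into the realm object. The following hunk shows `template.Annotations` being initialised for writing, and if `realm` originates from the informer cache (not visible here) that would alter shared state that other readers of the cached object also see. The replaced `DeepCopy()` call did not have this aliasing; copy the maps instead, for instance `template.Labels = maps.Clone(realm.Spec.ReconcilerTemplate.Labels)` and the same for `Annotations` (standard `maps` package, Go 1.21 or later; otherwise a small copy loop). podReconcile's body continues outside the hunk.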
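Review bot: The added `r.Log.Info("reconciler", "template", template.Labels)` reads like leftover debugging: it runs at info level on every pod reconcile, its message does not say what happened, and the key `template` holds only the labels. Either drop it or lower it to `r.Log.V(1).Info("reconciler pod template", "labels", template.Labels)`. podReconcile's body continues outside the hunk.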
@@ -702,27 +713,6 @@ func (r *KeycloakRealmReconciler) extendRealmWithUsers(ctx context.Context, real return realm, nil } -func matches(labels map[string]string, selector *metav1.LabelSelector) bool { - if selector == nil { - return true - } - - for kS, vS := range selector.MatchLabels { - var match bool - for kL, vL := range selector.MatchLabels { - if kS == kL && vS == vL { - match = true - } - } - - if !match { - return false - } - } - - return true -} - func (r *KeycloakRealmReconciler) substituteSecrets(ctx context.Context, realm infrav1beta1.KeycloakRealm) (string, error) { b, err := json.Marshal(realm.Spec.Realm) if err != nil { diff --git a/internal/controllers/keycloakrealm_controller_test.go b/internal/controllers/keycloakrealm_controller_test.go index 10c62244..87d24daf 100644 --- a/internal/controllers/keycloakrealm_controller_test.go +++ b/internal/controllers/keycloakrealm_controller_test.go @@ -1336,7 +1336,12 @@ var _ = Describe("KeycloakRealm controller", func() { }, Spec: v1beta1.KeycloakRealmSpec{ Version: "22.0.1", - ReconcilerTemplate: &corev1.Pod{ + ReconcilerTemplate: &v1beta1.ReconcilerTemplate{ + ObjectMetadata: v1beta1.ObjectMetadata{ + Labels: map[string]string{ + "test": "label", + }, + }, Spec: corev1.PodSpec{ Containers: []corev1.Container{ { @@ -1439,6 +1444,7 @@ var _ = Describe("KeycloakRealm controller", func() { }, } + Expect(pod.Labels["test"]).Should(Equal("label")) Expect(pod.Spec.Containers[1].Name).Should(Equal("sidecar")) Expect(pod.Spec.Containers[1].Image).Should(Equal("sidecar:1")) Expect(pod.Spec.Containers[0].Image).Should(Equal("custom-image:1"))
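Review bot: Only label propagation is asserted in the last test hunk, while the controller change copies annotations from `reconcilerTemplate` as well, so that path is untested. Assuming `ObjectMetadata` carries the `Annotations` field the controller reads, add `Annotations: map[string]string{"test": "annotation"}` to the fixture in the earlier test hunk and `Expect(pod.Annotations["test"]).Should(Equal("annotation"))` next to the label assertion. The enclosing test body starts and ends outside the hunk.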