Updating the CRDs

Author: mukhoakash

crds/objectstorage.k8s.io_bucketaccessclasses.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.4.1
+    controller-gen.kubebuilder.io/version: v0.9.2
   creationTimestamp: null
   name: bucketaccessclasses.objectstorage.k8s.io
 spec:
@@ -25,6 +24,15 @@ spec:
               of an object. Servers should convert recognized schemas to the latest
               internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
             type: string
+          authenticationType:
+            description: AuthenticationType denotes the style of authentication It
+              can be one of KEY - access, secret tokens based authentication IAM -
+              implicit authentication of pods to the OSP based on service account
+              mappings
+            type: string
+          driverName:
+            description: DriverName is the name of driver associated with this BucketAccess
+            type: string
           kind:
             description: 'Kind is a string value representing the REST resource this
               object represents. Servers may infer this from the endpoint the client
@@ -35,69 +43,12 @@ spec:
           parameters:
             additionalProperties:
               type: string
+            description: Parameters is an opaque map for passing in configuration
+              to a driver for granting access to a bucket
             type: object
-          policyActionsConfigMap:
-            description: 'ObjectReference contains enough information to let you inspect
-              or modify the referred object. --- New uses of this type are discouraged
-              because of difficulty describing its usage when embedded in APIs.  1.
-              Ignored fields.  It includes many fields which are not generally honored.  For
-              instance, ResourceVersion and FieldPath are both very rarely valid in
-              actual usage.  2. Invalid usage help.  It is impossible to add specific
-              help for individual usage.  In most embedded usages, there are particular     restrictions
-              like, "must refer only to types A and B" or "UID not honored" or "name
-              must be restricted".     Those cannot be well described when embedded.  3.
-              Inconsistent validation.  Because the usages are different, the validation
-              rules are different by usage, which makes it hard for users to predict
-              what will happen.  4. The fields are both imprecise and overly precise.  Kind
-              is not a precise mapping to a URL. This can produce ambiguity     during
-              interpretation and require a REST mapping.  In most cases, the dependency
-              is on the group,resource tuple     and the version of the actual struct
-              is irrelevant.  5. We cannot easily change it.  Because this type is
-              embedded in many locations, updates to this type     will affect numerous
-              schemas.  Don''t make new APIs embed an underspecified API type they
-              do not control. Instead of using this type, create a locally provided
-              and used type that is well-focused on your reference. For example, ServiceReferences
-              for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-              .'
-            properties:
-              apiVersion:
-                description: API version of the referent.
-                type: string
-              fieldPath:
-                description: 'If referring to a piece of an object instead of an entire
-                  object, this string should contain a valid JSON/Go field access
-                  statement, such as desiredState.manifest.containers[2]. For example,
-                  if the object reference is to a container within a pod, this would
-                  take on a value like: "spec.containers{name}" (where "name" refers
-                  to the name of the container that triggered the event) or if no
-                  container name is specified "spec.containers[2]" (container with
-                  index 2 in this pod). This syntax is chosen only to have some well-defined
-                  way of referencing a part of an object. TODO: this design is not
-                  final and this field is subject to change in the future.'
-                type: string
-              kind:
-                description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                type: string
-              name:
-                description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                type: string
-              namespace:
-                description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                type: string
-              resourceVersion:
-                description: 'Specific resourceVersion to which this reference is
-                  made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                type: string
-              uid:
-                description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                type: string
-            type: object
+        required:
+        - authenticationType
+        - driverName
         type: object
     served: true
     storage: true
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

crds/objectstorage.k8s.io_bucketaccesses.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.4.1
+    controller-gen.kubebuilder.io/version: v0.9.2
   creationTimestamp: null
   name: bucketaccesses.objectstorage.k8s.io
 spec:
@@ -14,7 +13,7 @@ spec:
     listKind: BucketAccessList
     plural: bucketaccesses
     singular: bucketaccess
-  scope: Cluster
+  scope: Namespaced
   versions:
   - name: v1alpha1
     schema:
@@ -34,104 +33,49 @@ spec:
             type: object
           spec:
             properties:
-              bucketName:
+              bucketAccessClassName:
+                description: BucketAccessClassName is the name of the BucketAccessClass
                 type: string
-              parameters:
-                additionalProperties:
-                  type: string
-                type: object
-              policyActionsConfigMapData:
+              bucketClaimName:
+                description: BucketClaimName is the name of the BucketClaim.
                 type: string
-              serviceAccount:
-                description: 'ObjectReference contains enough information to let you
-                  inspect or modify the referred object. --- New uses of this type
-                  are discouraged because of difficulty describing its usage when
-                  embedded in APIs.  1. Ignored fields.  It includes many fields which
-                  are not generally honored.  For instance, ResourceVersion and FieldPath
-                  are both very rarely valid in actual usage.  2. Invalid usage help.  It
-                  is impossible to add specific help for individual usage.  In most
-                  embedded usages, there are particular     restrictions like, "must
-                  refer only to types A and B" or "UID not honored" or "name must
-                  be restricted".     Those cannot be well described when embedded.  3.
-                  Inconsistent validation.  Because the usages are different, the
-                  validation rules are different by usage, which makes it hard for
-                  users to predict what will happen.  4. The fields are both imprecise
-                  and overly precise.  Kind is not a precise mapping to a URL. This
-                  can produce ambiguity     during interpretation and require a REST
-                  mapping.  In most cases, the dependency is on the group,resource
-                  tuple     and the version of the actual struct is irrelevant.  5.
-                  We cannot easily change it.  Because this type is embedded in many
-                  locations, updates to this type     will affect numerous schemas.  Don''t
-                  make new APIs embed an underspecified API type they do not control.
-                  Instead of using this type, create a locally provided and used type
-                  that is well-focused on your reference. For example, ServiceReferences
-                  for admission registration: https://github.com/kubernetes/api/blob/release-1.17/admissionregistration/v1/types.go#L533
-                  .'
-                properties:
-                  apiVersion:
-                    description: API version of the referent.
-                    type: string
-                  fieldPath:
-                    description: 'If referring to a piece of an object instead of
-                      an entire object, this string should contain a valid JSON/Go
-                      field access statement, such as desiredState.manifest.containers[2].
-                      For example, if the object reference is to a container within
-                      a pod, this would take on a value like: "spec.containers{name}"
-                      (where "name" refers to the name of the container that triggered
-                      the event) or if no container name is specified "spec.containers[2]"
-                      (container with index 2 in this pod). This syntax is chosen
-                      only to have some well-defined way of referencing a part of
-                      an object. TODO: this design is not final and this field is
-                      subject to change in the future.'
-                    type: string
-                  kind:
-                    description: 'Kind of the referent. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
-                    type: string
-                  name:
-                    description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
-                    type: string
-                  namespace:
-                    description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
-                    type: string
-                  resourceVersion:
-                    description: 'Specific resourceVersion to which this reference
-                      is made, if any. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#concurrency-control-and-consistency'
-                    type: string
-                  uid:
-                    description: 'UID of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#uids'
-                    type: string
-                type: object
+              credentialsSecretName:
+                description: CredentialsSecretName is the name of the secret that
+                  COSI should populate with the credentials. If a secret by this name
+                  already exists, then it is assumed that credentials have already
+                  been generated. It is not overridden. This secret is deleted when
+                  the BucketAccess is delted.
+                type: string
+              protocol:
+                description: Protocol is the name of the Protocol that this access
+                  credential is supposed to support If left empty, it will choose
+                  the protocol supported by the bucket. If the bucket supports multiple
+                  protocols, the end protocol is determined by the driver.
+                type: string
+              serviceAccountName:
+                description: ServiceAccountName is the name of the serviceAccount
+                  that COSI will map to the OSP service account when IAM styled authentication
+                  is specified
+                type: string
+            required:
+            - bucketAccessClassName
+            - bucketClaimName
+            - credentialsSecretName
             type: object
           status:
             properties:
               accessGranted:
+                description: AccessGranted indicates the successful grant of privileges
+                  to access the bucket
                 type: boolean
               accountID:
+                description: AccountID is the unique ID for the account in the OSP.
+                  It will be populated by the COSI sidecar once access has been successfully
+                  granted.
                 type: string
-              message:
-                type: string
-              mintedSecret:
-                description: SecretReference represents a Secret Reference. It has
-                  enough information to retrieve secret in any namespace
-                properties:
-                  name:
-                    description: Name is unique within a namespace to reference a
-                      secret resource.
-                    type: string
-                  namespace:
-                    description: Namespace defines the space within which the secret
-                      name must be unique.
-                    type: string
-                type: object
             type: object
         type: object
     served: true
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []

crds/objectstorage.k8s.io_bucketclaims.yaml

@@ -1,10 +1,9 @@
-
 ---
 apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.4.1
+    controller-gen.kubebuilder.io/version: v0.9.2
   creationTimestamp: null
   name: bucketclaims.objectstorage.k8s.io
 spec:
@@ -35,27 +34,40 @@ spec:
           spec:
             properties:
               bucketClassName:
+                description: Name of the BucketClass
                 type: string
-              bucketPrefix:
+              existingBucketName:
+                description: Name of a bucket object that was manually created to
+                  import a bucket created outside of COSI If unspecified, then a new
+                  Bucket will be dynamically provisioned
                 type: string
+              protocols:
+                description: 'Protocols are the set of data API this bucket is required
+                  to support. The possible values for protocol are: -  S3: Indicates
+                  Amazon S3 protocol -  Azure: Indicates Microsoft Azure BlobStore
+                  protocol -  GCS: Indicates Google Cloud Storage protocol'
+                items:
+                  type: string
+                type: array
+            required:
+            - protocols
             type: object
           status:
             properties:
-              bucketAvailable:
-                type: boolean
               bucketName:
+                description: BucketName is the name of the provisioned Bucket in response
+                  to this BucketClaim. It is generated and set by the COSI controller
+                  before making the creation request to the OSP backend.
                 type: string
-              message:
-                type: string
+              bucketReady:
+                description: BucketReady indicates that the bucket is ready for consumpotion
+                  by workloads
+                type: boolean
+            required:
+            - bucketReady
             type: object
         type: object
     served: true
     storage: true
     subresources:
       status: {}
-status:
-  acceptedNames:
-    kind: ""
-    plural: ""
-  conditions: []
-  storedVersions: []