From 4f8871f8e644d61e9a1c969d9932c01b5d603824 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Masset?= <86793256+smasset-orange@users.noreply.github.com>
Date: Mon, 26 Jan 2026 16:21:22 +0100
Subject: [PATCH 1/2] feat(addons): add extraEnvs field to addons to add envvars to containers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Sébastien Masset <86793256+smasset-orange@users.noreply.github.com>
---
 api/v1alpha1/tenantcontrolplane_types.go | 3 +
 api/v1alpha1/zz_generated.deepcopy.go | 25 +-
 ...i.clastix.io_tenantcontrolplanes_spec.yaml | 584 ++++++
 ...kamaji.clastix.io_tenantcontrolplanes.yaml | 584 ++++++
 docs/content/reference/api.md | 1684 +++++++++++++++--
 e2e/tcp_addon_extraenv_test.go | 208 ++
 e2e/utils_test.go | 180 ++
 .../controlplane/konnectivity_server.go | 11 +
 internal/resources/addons/coredns.go | 10 +
 internal/resources/addons/kube_proxy.go | 10 +
 internal/resources/konnectivity/agent.go | 11 +
 internal/utilities/envvars.go | 34 +
 internal/utilities/envvars_test.go | 79 +
 13 files changed, 3243 insertions(+), 180 deletions(-)
 create mode 100644 e2e/tcp_addon_extraenv_test.go
 create mode 100644 internal/utilities/envvars.go
 create mode 100644 internal/utilities/envvars_test.go
diff --git a/api/v1alpha1/tenantcontrolplane_types.go b/api/v1alpha1/tenantcontrolplane_types.go
index 0b6c6d2f..e95c4144 100644
--- a/api/v1alpha1/tenantcontrolplane_types.go
+++ b/api/v1alpha1/tenantcontrolplane_types.go
@@ -258,6 +258,7 @@ type ServiceSpec struct {
 // AddonSpec defines the spec for every addon.
 type AddonSpec struct {
 ImageOverrideTrait `json:",inline"`
+ ExtraEnvs []corev1.EnvVar `json:"extraEnvs,omitempty"`
 }
 type ImageOverrideTrait struct {
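Review bot: The new `ExtraEnvs` field in `AddonSpec` has no doc comment and no list markers, and the same holds for the fields added to `KonnectivityServerSpec` and `KonnectivityAgentSpec` in the next two hunks. The generated CRD further down confirms it: `extraEnvs` is emitted without a description and as a plain `type: array`, so the API server will accept two entries with the same `name` and server-side apply treats the whole list as atomic. I would add `// +listType=map` and `// +listMapKey=name` above each field, matching how `env` is declared on a core container, together with a comment saying that the entries are added to the component's containers and what happens when a name collides with a variable the controller already sets. The collision handling is presumably in `internal/utilities/envvars.go`, which is outside this hunk, so that part of the wording needs checking against it.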
@@ -289,6 +290,7 @@ type KonnectivityServerSpec struct { // Resources define the amount of CPU and memory to allocate to the Konnectivity server. Resources *corev1.ResourceRequirements `json:"resources,omitempty"` ExtraArgs ExtraArgs `json:"extraArgs,omitempty"` + ExtraEnvs []corev1.EnvVar `json:"extraEnvs,omitempty"` } type KonnectivityAgentMode string @@ -314,6 +316,7 @@ type KonnectivityAgentSpec struct { //+kubebuilder:default={{key: "CriticalAddonsOnly", operator: "Exists"}} Tolerations []corev1.Toleration `json:"tolerations,omitempty"` ExtraArgs ExtraArgs `json:"extraArgs,omitempty"` + ExtraEnvs []corev1.EnvVar `json:"extraEnvs,omitempty"` // HostNetwork enables the konnectivity agent to use the Host network namespace. // By enabling this mode, the Agent doesn't need to wait for the CNI initialisation, // enabling a sort of out-of-band access to nodes for troubleshooting scenarios, diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index c06daa0e..448569f1 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -120,6 +120,13 @@ func (in *AdditionalVolumeMounts) DeepCopy() *AdditionalVolumeMounts { func (in *AddonSpec) DeepCopyInto(out *AddonSpec) { *out = *in out.ImageOverrideTrait = in.ImageOverrideTrait + if in.ExtraEnvs != nil { + in, out := &in.ExtraEnvs, &out.ExtraEnvs + *out = make([]corev1.EnvVar, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AddonSpec. @@ -154,7 +161,7 @@ func (in *AddonsSpec) DeepCopyInto(out *AddonsSpec) { if in.CoreDNS != nil { in, out := &in.CoreDNS, &out.CoreDNS *out = new(AddonSpec) - **out = **in + (*in).DeepCopyInto(*out) } if in.Konnectivity != nil { in, out := &in.Konnectivity, &out.Konnectivity 
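Review bot: `ExtraEnvs` on `KonnectivityServerSpec` takes the full `corev1.EnvVar` type, including `valueFrom.secretKeyRef` and `configMapKeyRef`, and nothing in this hunk documents or narrows that. Judging by the `controlplane/konnectivity_server.go` entry in the diffstat, this container appears to run with the tenant control plane pod rather than inside the tenant cluster, so those references would resolve against Secrets in the TenantControlPlane's own namespace, unlike the addon fields. The field comment should state which cluster and namespace the references resolve in, so that anyone granting create or update on TenantControlPlane knows it also allows Secret keys from that namespace to be surfaced into the container environment. If only literal values are intended, a rule such as `// +kubebuilder:validation:XValidation:rule="self.all(e, !has(e.valueFrom))"` on the field would enforce it at admission.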
@@ -164,7 +171,7 @@ func (in *AddonsSpec) DeepCopyInto(out *AddonsSpec) { if in.KubeProxy != nil { in, out := &in.KubeProxy, &out.KubeProxy *out = new(AddonSpec) - **out = **in + (*in).DeepCopyInto(*out) } } @@ -958,6 +965,13 @@ func (in *KonnectivityAgentSpec) DeepCopyInto(out *KonnectivityAgentSpec) { *out = make(ExtraArgs, len(*in)) copy(*out, *in) } + if in.ExtraEnvs != nil { + in, out := &in.ExtraEnvs, &out.ExtraEnvs + *out = make([]corev1.EnvVar, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } if in.Replicas != nil { in, out := &in.Replicas, &out.Replicas *out = new(int32) @@ -1019,6 +1033,13 @@ func (in *KonnectivityServerSpec) DeepCopyInto(out *KonnectivityServerSpec) { *out = make(ExtraArgs, len(*in)) copy(*out, *in) } + if in.ExtraEnvs != nil { + in, out := &in.ExtraEnvs, &out.ExtraEnvs + *out = make([]corev1.EnvVar, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KonnectivityServerSpec. diff --git a/charts/kamaji-crds/hack/kamaji.clastix.io_tenantcontrolplanes_spec.yaml b/charts/kamaji-crds/hack/kamaji.clastix.io_tenantcontrolplanes_spec.yaml index 43fbc59a..3e2eacd9 100644 --- a/charts/kamaji-crds/hack/kamaji.clastix.io_tenantcontrolplanes_spec.yaml +++ b/charts/kamaji-crds/hack/kamaji.clastix.io_tenantcontrolplanes_spec.yaml 
@@ -71,6 +71,152 @@ versions: Enables the DNS addon in the Tenant Cluster. The registry and the tag are configurable, the image is hard-coded to `coredns`. properties: + extraEnvs: + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array imageRepository: description: |- ImageRepository sets the container registry to pull images from. 
@@ -99,6 +245,152 @@ versions: items: type: string type: array + extraEnvs: + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array hostNetwork: default: false description: |- 
@@ -194,6 +486,152 @@ versions: items: type: string type: array + extraEnvs: + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array image: default: registry.k8s.io/kas-network-proxy/proxy-server description: Container image used by the Konnectivity server. 
@@ -277,6 +715,152 @@ versions: Enables the kube-proxy addon in the Tenant Cluster. The registry and the tag are configurable, the image is hard-coded to `kube-proxy`. properties: + extraEnvs: + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing the env file. 
+ type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array imageRepository: description: |- ImageRepository sets the container registry to pull images from. diff --git a/charts/kamaji/crds/kamaji.clastix.io_tenantcontrolplanes.yaml b/charts/kamaji/crds/kamaji.clastix.io_tenantcontrolplanes.yaml index 506d4379..141e62fa 100644 
--- a/charts/kamaji/crds/kamaji.clastix.io_tenantcontrolplanes.yaml +++ b/charts/kamaji/crds/kamaji.clastix.io_tenantcontrolplanes.yaml 
@@ -79,6 +79,152 @@ spec: Enables the DNS addon in the Tenant Cluster. The registry and the tag are configurable, the image is hard-coded to `coredns`. properties: + extraEnvs: + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array imageRepository: description: |- ImageRepository sets the container registry to pull images from. 
@@ -107,6 +253,152 @@ spec: items: type: string type: array + extraEnvs: + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array hostNetwork: default: false description: |- 
@@ -202,6 +494,152 @@ spec: items: type: string type: array + extraEnvs: + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. 
+ properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing the env file. + type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. 
+ properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array image: default: registry.k8s.io/kas-network-proxy/proxy-server description: Container image used by the Konnectivity server. 
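Review bot: The `extraEnvs` array added for the Konnectivity server has no `description` of its own, since the schema goes straight from `extraEnvs:` to `items:`; the agent, kube-proxy and CoreDNS hunks have the same gap, and it shows up as empty description cells in api.md, where the neighbouring `extraArgs` row carries an explicit override warning. This YAML is generated, so the fix belongs on the Go field as a doc comment, for example `// ExtraEnvs adds environment variables to the component's container; valueFrom references are resolved in the namespace of the pod that runs it.` The comment should also say whether a user-supplied name can replace a variable the operator already sets, which depends on the merge helper in internal/utilities/envvars.go and is not visible in this hunk. The inherited wording "Selects a key of a secret in the pod's namespace" presumably refers to a different cluster for the server than for the agent and the in-cluster addons, so stating that would help operators decide who may edit this field.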
@@ -285,6 +723,152 @@ spec: Enables the kube-proxy addon in the Tenant Cluster. The registry and the tag are configurable, the image is hard-coded to `kube-proxy`. properties: + extraEnvs: + items: + description: EnvVar represents an environment variable present in a Container. + properties: + name: + description: |- + Name of the environment variable. + May consist of any printable ASCII characters except '='. + type: string + value: + description: |- + Variable references $(VAR_NAME) are expanded + using the previously defined environment variables in the container and + any service environment variables. If a variable cannot be resolved, + the reference in the input string will be unchanged. Double $$ are reduced + to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. + "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". + Escaped references will never be expanded, regardless of whether the variable + exists or not. + Defaults to "". + type: string + valueFrom: + description: Source for the environment variable's value. Cannot be used if value is not empty. + properties: + configMapKeyRef: + description: Selects a key of a ConfigMap. + properties: + key: + description: The key to select. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. 
+ More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the ConfigMap or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + fieldRef: + description: |- + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, + spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + properties: + apiVersion: + description: Version of the schema the FieldPath is written in terms of, defaults to "v1". + type: string + fieldPath: + description: Path of the field to select in the specified API version. + type: string + required: + - fieldPath + type: object + x-kubernetes-map-type: atomic + fileKeyRef: + description: |- + FileKeyRef selects a key of the env file. + Requires the EnvFiles feature gate to be enabled. + properties: + key: + description: |- + The key within the env file. An invalid key will prevent the pod from starting. + The keys defined within a source may consist of any printable ASCII characters except '='. + During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters. + type: string + optional: + default: false + description: |- + Specify whether the file or its key must be defined. If the file or key + does not exist, then the env var is not published. + If optional is set to true and the specified key does not exist, + the environment variable will not be set in the Pod's containers. + + If optional is set to false and the specified key does not exist, + an error will be returned during Pod creation. + type: boolean + path: + description: |- + The path within the volume from which to select the file. + Must be relative and may not contain the '..' path or start with '..'. + type: string + volumeName: + description: The name of the volume mount containing the env file. 
+ type: string + required: + - key + - path + - volumeName + type: object + x-kubernetes-map-type: atomic + resourceFieldRef: + description: |- + Selects a resource of the container: only resources limits and requests + (limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + properties: + containerName: + description: 'Container name: required for volumes, optional for env vars' + type: string + divisor: + anyOf: + - type: integer + - type: string + description: Specifies the output format of the exposed resources, defaults to "1" + pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$ + x-kubernetes-int-or-string: true + resource: + description: 'Required: resource to select' + type: string + required: + - resource + type: object + x-kubernetes-map-type: atomic + secretKeyRef: + description: Selects a key of a secret in the pod's namespace + properties: + key: + description: The key of the secret to select from. Must be a valid secret key. + type: string + name: + default: "" + description: |- + Name of the referent. + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + type: string + optional: + description: Specify whether the Secret or its key must be defined + type: boolean + required: + - key + type: object + x-kubernetes-map-type: atomic + type: object + required: + - name + type: object + type: array imageRepository: description: |- ImageRepository sets the container registry to pull images from. diff --git a/docs/content/reference/api.md b/docs/content/reference/api.md index f97cc93e..467d1854 100644 --- a/docs/content/reference/api.md +++ b/docs/content/reference/api.md 
@@ -41930,6 +41930,13 @@ The registry and the tag are configurable, the image is hard-coded to `coredns`. + extraEnvs + []object + +
+ + false + imageRepository string @@ -41949,10 +41956,10 @@ In case this value is set, kubeadm does not change automatically the version of -`TenantControlPlane.spec.addons.konnectivity` +`TenantControlPlane.spec.addons.coreDNS.extraEnvs[index]` -Enables the Konnectivity addon in the Tenant Cluster, required if the worker nodes are in a different network. +EnvVar represents an environment variable present in a Container. @@ -41964,31 +41971,43 @@ Enables the Konnectivity addon in the Tenant Cluster, required if the worker nod - - + + + + + + + - +
agentobjectnamestring -
-
- Default: map[image:registry.k8s.io/kas-network-proxy/proxy-agent mode:DaemonSet]
+ Name of the environment variable. +May consist of any printable ASCII characters except '='.
+
true
valuestring + Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
false
servervalueFrom object -
-
- Default: map[image:registry.k8s.io/kas-network-proxy/proxy-server port:8132]
+ Source for the environment variable's value. Cannot be used if value is not empty.
false
-`TenantControlPlane.spec.addons.konnectivity.agent` - +`TenantControlPlane.spec.addons.coreDNS.extraEnvs[index].valueFrom` +Source for the environment variable's value. Cannot be used if value is not empty. @@ -42000,85 +42019,51 @@ Enables the Konnectivity addon in the Tenant Cluster, required if the worker nod - - - - - - - - - - - - + + - - + + - - + + - - + + - - + +
extraArgs[]string - ExtraArgs allows adding additional arguments to said component. -WARNING - This option can override existing konnectivity -parameters and cause konnectivity components to misbehave in -unxpected ways. Only modify if you know what you are doing.
-
false
hostNetworkboolean - HostNetwork enables the konnectivity agent to use the Host network namespace. -By enabling this mode, the Agent doesn't need to wait for the CNI initialisation, -enabling a sort of out-of-band access to nodes for troubleshooting scenarios, -or when the agent needs direct access to the host network.
-
- Default: false
-
false
imagestringconfigMapKeyRefobject - AgentImage defines the container image for Konnectivity's agent.
-
- Default: registry.k8s.io/kas-network-proxy/proxy-agent
+ Selects a key of a ConfigMap.
false
modeenumfieldRefobject - Mode allows specifying the Agent deployment mode: Deployment, or DaemonSet (default).
-
- Enum: DaemonSet, Deployment
- Default: DaemonSet
+ Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
false
replicasintegerfileKeyRefobject - Replicas defines the number of replicas when Mode is Deployment. -Must be 0 if Mode is DaemonSet.
-
- Format: int32
+ FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled.
false
tolerations[]objectresourceFieldRefobject - Tolerations for the deployed agent. -Can be customized to start the konnectivity-agent even if the nodes are not ready or tainted.
-
- Default: [map[key:CriticalAddonsOnly operator:Exists]]
+ Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
false
versionstringsecretKeyRefobject - Version for Konnectivity agent. -If left empty, Kamaji will automatically inflect the version from the deployed Tenant Control Plane. - -WARNING: for last cut-off releases, the container image could be not available.
+ Selects a key of a secret in the pod's namespace
false
-`TenantControlPlane.spec.addons.konnectivity.agent.tolerations[index]` +`TenantControlPlane.spec.addons.coreDNS.extraEnvs[index].valueFrom.configMapKeyRef` -The pod this Toleration is attached to tolerates any taint that matches -the triple using the matching operator . +Selects a key of a ConfigMap. @@ -42090,60 +42075,41 @@ the triple using the matching operator . - - - - - - + - + - - - - - - - + +
effectstring - Effect indicates the taint effect to match. Empty means match all taint effects. -When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
-
false
key string - Key is the taint key that the toleration applies to. Empty means match all taint keys. -If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+ The key to select.
falsetrue
operatorname string - Operator represents a key's relationship to the value. -Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. -Exists is equivalent to wildcard for value, so that a pod can -tolerate all taints of a particular category. -Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).
-
false
tolerationSecondsinteger - TolerationSeconds represents the period of time the toleration (which must be -of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, -it is not set, which means tolerate the taint forever (do not evict). Zero and -negative values will be treated as 0 (evict immediately) by the system.
+ Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names

- Format: int64
+ Default:
false
valuestringoptionalboolean - Value is the taint value the toleration matches to. -If the operator is Exists, the value should be empty, otherwise just a regular string.
+ Specify whether the ConfigMap or its key must be defined
false
-`TenantControlPlane.spec.addons.konnectivity.server` - +`TenantControlPlane.spec.addons.coreDNS.extraEnvs[index].valueFrom.fieldRef` +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. @@ -42155,58 +42121,28 @@ If the operator is Exists, the value should be empty, otherwise just a regular s - - - - - - - - - - - + - - - - - - + - +
portinteger - The port which Konnectivity server is listening to.
-
- Format: int32
-
true
extraArgs[]string - ExtraArgs allows adding additional arguments to said component. -WARNING - This option can override existing konnectivity -parameters and cause konnectivity components to misbehave in -unxpected ways. Only modify if you know what you are doing.
-
false
imagefieldPath string - Container image used by the Konnectivity server.
-
- Default: registry.k8s.io/kas-network-proxy/proxy-server
-
false
resourcesobject - Resources define the amount of CPU and memory to allocate to the Konnectivity server.
+ Path of the field to select in the specified API version.
falsetrue
versionapiVersion string - Container image version of the Konnectivity server. -If left empty, Kamaji will automatically inflect the version from the deployed Tenant Control Plane. - -WARNING: for last cut-off releases, the container image could be not available.
+ Version of the schema the FieldPath is written in terms of, defaults to "v1".
false
-`TenantControlPlane.spec.addons.konnectivity.server.resources` +`TenantControlPlane.spec.addons.coreDNS.extraEnvs[index].valueFrom.fileKeyRef` -Resources define the amount of CPU and memory to allocate to the Konnectivity server. +FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. @@ -42218,44 +42154,53 @@ Resources define the amount of CPU and memory to allocate to the Konnectivity se - - + + - + - - + + - + - - + + + + + + +
claims[]objectkeystring - Claims lists the names of resources, defined in spec.resourceClaims, -that are used by this container. - -This field depends on the -DynamicResourceAllocation feature gate. - -This field is immutable. It can only be set for containers.
+ The key within the env file. An invalid key will prevent the pod from starting. +The keys defined within a source may consist of any printable ASCII characters except '='. +During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
falsetrue
limitsmap[string]int or stringpathstring - Limits describes the maximum amount of compute resources allowed. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ The path within the volume from which to select the file. +Must be relative and may not contain the '..' path or start with '..'.
falsetrue
requestsmap[string]int or stringvolumeNamestring - Requests describes the minimum amount of compute resources required. -If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, -otherwise to an implementation-defined value. Requests cannot exceed Limits. -More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+ The name of the volume mount containing the env file.
+
true
optionalboolean + Specify whether the file or its key must be defined. If the file or key +does not exist, then the env var is not published. +If optional is set to true and the specified key does not exist, +the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, +an error will be returned during Pod creation.
+
+ Default: false
false
-`TenantControlPlane.spec.addons.konnectivity.server.resources.claims[index]` +`TenantControlPlane.spec.addons.coreDNS.extraEnvs[index].valueFrom.resourceFieldRef` -ResourceClaim references one entry in PodSpec.ResourceClaims. +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. @@ -42267,32 +42212,1307 @@ ResourceClaim references one entry in PodSpec.ResourceClaims. + + + + + + + + + + + + + + + +
resourcestring + Required: resource to select
+
true
containerNamestring + Container name: required for volumes, optional for env vars
+
false
divisorint or string + Specifies the output format of the exposed resources, defaults to "1"
+
false
+ + +`TenantControlPlane.spec.addons.coreDNS.extraEnvs[index].valueFrom.secretKeyRef` + + +Selects a key of a secret in the pod's namespace + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The key of the secret to select from. Must be a valid secret key.
+
true
namestring + Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
+
false
optionalboolean + Specify whether the Secret or its key must be defined
+
false
+ + +`TenantControlPlane.spec.addons.konnectivity` + + +Enables the Konnectivity addon in the Tenant Cluster, required if the worker nodes are in a different network. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
agentobject +
+
+ Default: map[image:registry.k8s.io/kas-network-proxy/proxy-agent mode:DaemonSet]
+
false
serverobject +
+
+ Default: map[image:registry.k8s.io/kas-network-proxy/proxy-server port:8132]
+
false
+ + +`TenantControlPlane.spec.addons.konnectivity.agent` + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
extraArgs[]string + ExtraArgs allows adding additional arguments to said component. +WARNING - This option can override existing konnectivity +parameters and cause konnectivity components to misbehave in +unxpected ways. Only modify if you know what you are doing.
+
false
extraEnvs[]object +
+
false
hostNetworkboolean + HostNetwork enables the konnectivity agent to use the Host network namespace. +By enabling this mode, the Agent doesn't need to wait for the CNI initialisation, +enabling a sort of out-of-band access to nodes for troubleshooting scenarios, +or when the agent needs direct access to the host network.
+
+ Default: false
+
false
imagestring + AgentImage defines the container image for Konnectivity's agent.
+
+ Default: registry.k8s.io/kas-network-proxy/proxy-agent
+
false
modeenum + Mode allows specifying the Agent deployment mode: Deployment, or DaemonSet (default).
+
+ Enum: DaemonSet, Deployment
+ Default: DaemonSet
+
false
replicasinteger + Replicas defines the number of replicas when Mode is Deployment. +Must be 0 if Mode is DaemonSet.
+
+ Format: int32
+
false
tolerations[]object + Tolerations for the deployed agent. +Can be customized to start the konnectivity-agent even if the nodes are not ready or tainted.
+
+ Default: [map[key:CriticalAddonsOnly operator:Exists]]
+
false
versionstring + Version for Konnectivity agent. +If left empty, Kamaji will automatically inflect the version from the deployed Tenant Control Plane. + +WARNING: for last cut-off releases, the container image could be not available.
+
false
+ + +`TenantControlPlane.spec.addons.konnectivity.agent.extraEnvs[index]` + + +EnvVar represents an environment variable present in a Container. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the environment variable. +May consist of any printable ASCII characters except '='.
+
true
valuestring + Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
+
false
valueFromobject + Source for the environment variable's value. Cannot be used if value is not empty.
+
false
+ + +`TenantControlPlane.spec.addons.konnectivity.agent.extraEnvs[index].valueFrom` + + +Source for the environment variable's value. Cannot be used if value is not empty. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
configMapKeyRefobject + Selects a key of a ConfigMap.
+
false
fieldRefobject + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+
false
fileKeyRefobject + FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled.
+
false
resourceFieldRefobject + Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+
false
secretKeyRefobject + Selects a key of a secret in the pod's namespace
+
false
+ + +`TenantControlPlane.spec.addons.konnectivity.agent.extraEnvs[index].valueFrom.configMapKeyRef` + + +Selects a key of a ConfigMap. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The key to select.
+
true
namestring + Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
+
false
optionalboolean + Specify whether the ConfigMap or its key must be defined
+
false
+ + +`TenantControlPlane.spec.addons.konnectivity.agent.extraEnvs[index].valueFrom.fieldRef` + + +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
fieldPathstring + Path of the field to select in the specified API version.
+
true
apiVersionstring + Version of the schema the FieldPath is written in terms of, defaults to "v1".
+
false
+ + +`TenantControlPlane.spec.addons.konnectivity.agent.extraEnvs[index].valueFrom.fileKeyRef` + + +FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The key within the env file. An invalid key will prevent the pod from starting. +The keys defined within a source may consist of any printable ASCII characters except '='. +During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
+
true
pathstring + The path within the volume from which to select the file. +Must be relative and may not contain the '..' path or start with '..'.
+
true
volumeNamestring + The name of the volume mount containing the env file.
+
true
optionalboolean + Specify whether the file or its key must be defined. If the file or key +does not exist, then the env var is not published. +If optional is set to true and the specified key does not exist, +the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, +an error will be returned during Pod creation.
+
+ Default: false
+
false
+ + +`TenantControlPlane.spec.addons.konnectivity.agent.extraEnvs[index].valueFrom.resourceFieldRef` + + +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
resourcestring + Required: resource to select
+
true
containerNamestring + Container name: required for volumes, optional for env vars
+
false
divisorint or string + Specifies the output format of the exposed resources, defaults to "1"
+
false
+ + +`TenantControlPlane.spec.addons.konnectivity.agent.extraEnvs[index].valueFrom.secretKeyRef` + + +Selects a key of a secret in the pod's namespace + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The key of the secret to select from. Must be a valid secret key.
+
true
namestring + Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
+
false
optionalboolean + Specify whether the Secret or its key must be defined
+
false
+ + +`TenantControlPlane.spec.addons.konnectivity.agent.tolerations[index]` + + +The pod this Toleration is attached to tolerates any taint that matches +the triple using the matching operator . + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
effectstring + Effect indicates the taint effect to match. Empty means match all taint effects. +When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.
+
false
keystring + Key is the taint key that the toleration applies to. Empty means match all taint keys. +If the key is empty, operator must be Exists; this combination means to match all values and all keys.
+
false
operatorstring + Operator represents a key's relationship to the value. +Valid operators are Exists, Equal, Lt, and Gt. Defaults to Equal. +Exists is equivalent to wildcard for value, so that a pod can +tolerate all taints of a particular category. +Lt and Gt perform numeric comparisons (requires feature gate TaintTolerationComparisonOperators).
+
false
tolerationSecondsinteger + TolerationSeconds represents the period of time the toleration (which must be +of effect NoExecute, otherwise this field is ignored) tolerates the taint. By default, +it is not set, which means tolerate the taint forever (do not evict). Zero and +negative values will be treated as 0 (evict immediately) by the system.
+
+ Format: int64
+
false
valuestring + Value is the taint value the toleration matches to. +If the operator is Exists, the value should be empty, otherwise just a regular string.
+
false
+ + +`TenantControlPlane.spec.addons.konnectivity.server` + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
portinteger + The port which Konnectivity server is listening to.
+
+ Format: int32
+
true
extraArgs[]string + ExtraArgs allows adding additional arguments to said component. +WARNING - This option can override existing konnectivity +parameters and cause konnectivity components to misbehave in +unxpected ways. Only modify if you know what you are doing.
+
false
extraEnvs[]object +
+
false
imagestring + Container image used by the Konnectivity server.
+
+ Default: registry.k8s.io/kas-network-proxy/proxy-server
+
false
resourcesobject + Resources define the amount of CPU and memory to allocate to the Konnectivity server.
+
false
versionstring + Container image version of the Konnectivity server. +If left empty, Kamaji will automatically inflect the version from the deployed Tenant Control Plane. + +WARNING: for last cut-off releases, the container image could be not available.
+
false
+ + +`TenantControlPlane.spec.addons.konnectivity.server.extraEnvs[index]` + + +EnvVar represents an environment variable present in a Container. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the environment variable. +May consist of any printable ASCII characters except '='.
+
true
valuestring + Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
+
false
valueFromobject + Source for the environment variable's value. Cannot be used if value is not empty.
+
false
+ + +`TenantControlPlane.spec.addons.konnectivity.server.extraEnvs[index].valueFrom` + + +Source for the environment variable's value. Cannot be used if value is not empty. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
configMapKeyRefobject + Selects a key of a ConfigMap.
+
false
fieldRefobject + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+
false
fileKeyRefobject + FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled.
+
false
resourceFieldRefobject + Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+
false
secretKeyRefobject + Selects a key of a secret in the pod's namespace
+
false
+ + +`TenantControlPlane.spec.addons.konnectivity.server.extraEnvs[index].valueFrom.configMapKeyRef` + + +Selects a key of a ConfigMap. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The key to select.
+
true
namestring + Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
+
false
optionalboolean + Specify whether the ConfigMap or its key must be defined
+
false
+ + +`TenantControlPlane.spec.addons.konnectivity.server.extraEnvs[index].valueFrom.fieldRef` + + +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
fieldPathstring + Path of the field to select in the specified API version.
+
true
apiVersionstring + Version of the schema the FieldPath is written in terms of, defaults to "v1".
+
false
+ + +`TenantControlPlane.spec.addons.konnectivity.server.extraEnvs[index].valueFrom.fileKeyRef` + + +FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The key within the env file. An invalid key will prevent the pod from starting. +The keys defined within a source may consist of any printable ASCII characters except '='. +During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
+
true
pathstring + The path within the volume from which to select the file. +Must be relative and may not contain the '..' path or start with '..'.
+
true
volumeNamestring + The name of the volume mount containing the env file.
+
true
optionalboolean + Specify whether the file or its key must be defined. If the file or key +does not exist, then the env var is not published. +If optional is set to true and the specified key does not exist, +the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, +an error will be returned during Pod creation.
+
+ Default: false
+
false
+ + +`TenantControlPlane.spec.addons.konnectivity.server.extraEnvs[index].valueFrom.resourceFieldRef` + + +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
resourcestring + Required: resource to select
+
true
containerNamestring + Container name: required for volumes, optional for env vars
+
false
divisorint or string + Specifies the output format of the exposed resources, defaults to "1"
+
false
+ + +`TenantControlPlane.spec.addons.konnectivity.server.extraEnvs[index].valueFrom.secretKeyRef` + + +Selects a key of a secret in the pod's namespace + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The key of the secret to select from. Must be a valid secret key.
+
true
namestring + Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
+
false
optionalboolean + Specify whether the Secret or its key must be defined
+
false
+ + +`TenantControlPlane.spec.addons.konnectivity.server.resources` + + +Resources define the amount of CPU and memory to allocate to the Konnectivity server. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
claims[]object + Claims lists the names of resources, defined in spec.resourceClaims, +that are used by this container. + +This field depends on the +DynamicResourceAllocation feature gate. + +This field is immutable. It can only be set for containers.
+
false
limitsmap[string]int or string + Limits describes the maximum amount of compute resources allowed. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
false
requestsmap[string]int or string + Requests describes the minimum amount of compute resources required. +If Requests is omitted for a container, it defaults to Limits if that is explicitly specified, +otherwise to an implementation-defined value. Requests cannot exceed Limits. +More info: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
+
false
+ + +`TenantControlPlane.spec.addons.konnectivity.server.resources.claims[index]` + + +ResourceClaim references one entry in PodSpec.ResourceClaims. + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name must match the name of one entry in pod.spec.resourceClaims of +the Pod where this field is used. It makes that resource available +inside a container.
+
true
requeststring + Request is the name chosen for a request in the referenced claim. +If empty, everything from the claim is made available, otherwise +only the result of this request.
+
false
+ + +`TenantControlPlane.spec.addons.kubeProxy` + + +Enables the kube-proxy addon in the Tenant Cluster. +The registry and the tag are configurable, the image is hard-coded to `kube-proxy`. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
extraEnvs[]object +
+
false
imageRepositorystring + ImageRepository sets the container registry to pull images from. +if not set, the default ImageRepository will be used instead.
+
false
imageTagstring + ImageTag allows to specify a tag for the image. +In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+
false
+ + +`TenantControlPlane.spec.addons.kubeProxy.extraEnvs[index]` + + +EnvVar represents an environment variable present in a Container. + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
namestring + Name of the environment variable. +May consist of any printable ASCII characters except '='.
+
true
valuestring + Variable references $(VAR_NAME) are expanded +using the previously defined environment variables in the container and +any service environment variables. If a variable cannot be resolved, +the reference in the input string will be unchanged. Double $$ are reduced +to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. +"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)". +Escaped references will never be expanded, regardless of whether the variable +exists or not. +Defaults to "".
+
false
valueFromobject + Source for the environment variable's value. Cannot be used if value is not empty.
+
false
+ + +`TenantControlPlane.spec.addons.kubeProxy.extraEnvs[index].valueFrom` + + +Source for the environment variable's value. Cannot be used if value is not empty. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
configMapKeyRefobject + Selects a key of a ConfigMap.
+
false
fieldRefobject + Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs.
+
false
fileKeyRefobject + FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled.
+
false
resourceFieldRefobject + Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported.
+
false
secretKeyRefobject + Selects a key of a secret in the pod's namespace
+
false
+ + +`TenantControlPlane.spec.addons.kubeProxy.extraEnvs[index].valueFrom.configMapKeyRef` + + +Selects a key of a ConfigMap. + + + + + + + + + + + + + + + + + + + + + + + +
NameTypeDescriptionRequired
keystring + The key to select.
+
true
name string - Name must match the name of one entry in pod.spec.resourceClaims of -the Pod where this field is used. It makes that resource available -inside a container.
+ Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
+
false
optionalboolean + Specify whether the ConfigMap or its key must be defined
+
false
+ + +`TenantControlPlane.spec.addons.kubeProxy.extraEnvs[index].valueFrom.fieldRef` + + +Selects a field of the pod: supports metadata.name, metadata.namespace, `metadata.labels['']`, `metadata.annotations['']`, +spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP, status.podIPs. + + + + + + + + + + + + + + - +
NameTypeDescriptionRequired
fieldPathstring + Path of the field to select in the specified API version.
true
requestapiVersion string - Request is the name chosen for a request in the referenced claim. -If empty, everything from the claim is made available, otherwise -only the result of this request.
+ Version of the schema the FieldPath is written in terms of, defaults to "v1".
false
-`TenantControlPlane.spec.addons.kubeProxy` +`TenantControlPlane.spec.addons.kubeProxy.extraEnvs[index].valueFrom.fileKeyRef` -Enables the kube-proxy addon in the Tenant Cluster. -The registry and the tag are configurable, the image is hard-coded to `kube-proxy`. +FileKeyRef selects a key of the env file. +Requires the EnvFiles feature gate to be enabled. @@ -42304,19 +43524,127 @@ The registry and the tag are configurable, the image is hard-coded to `kube-prox - + + + + + + + + + + + + + + + + + + +
imageRepositorykey string - ImageRepository sets the container registry to pull images from. -if not set, the default ImageRepository will be used instead.
+ The key within the env file. An invalid key will prevent the pod from starting. +The keys defined within a source may consist of any printable ASCII characters except '='. +During Alpha stage of the EnvFiles feature gate, the key size is limited to 128 characters.
+
true
pathstring + The path within the volume from which to select the file. +Must be relative and may not contain the '..' path or start with '..'.
+
true
volumeNamestring + The name of the volume mount containing the env file.
+
true
optionalboolean + Specify whether the file or its key must be defined. If the file or key +does not exist, then the env var is not published. +If optional is set to true and the specified key does not exist, +the environment variable will not be set in the Pod's containers. + +If optional is set to false and the specified key does not exist, +an error will be returned during Pod creation.
+
+ Default: false
+
false
+ + +`TenantControlPlane.spec.addons.kubeProxy.extraEnvs[index].valueFrom.resourceFieldRef` + + +Selects a resource of the container: only resources limits and requests +(limits.cpu, limits.memory, limits.ephemeral-storage, requests.cpu, requests.memory and requests.ephemeral-storage) are currently supported. + + + + + + + + + + + + + + + + + + + - + + + + + +
NameTypeDescriptionRequired
resourcestring + Required: resource to select
+
true
containerNamestring + Container name: required for volumes, optional for env vars
false
imageTagdivisorint or string + Specifies the output format of the exposed resources, defaults to "1"
+
false
+ + +`TenantControlPlane.spec.addons.kubeProxy.extraEnvs[index].valueFrom.secretKeyRef` + + +Selects a key of a secret in the pod's namespace + + + + + + + + + + + + + + + + + + + + + + diff --git a/e2e/tcp_addon_extraenv_test.go b/e2e/tcp_addon_extraenv_test.go new file mode 100644 index 00000000..aa70fc26 --- /dev/null +++ b/e2e/tcp_addon_extraenv_test.go 
@@ -0,0 +1,208 @@
+// Copyright 2022 Clastix Labs
+// SPDX-License-Identifier: Apache-2.0
+
+package e2e
+
+import (
+ "context"
+ "os"
+ "time"
+
+ . "github.com/onsi/ginkgo/v2"
+ . "github.com/onsi/gomega"
+ corev1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/types"
+ "k8s.io/client-go/kubernetes"
+
+ kamajiv1alpha1 "github.com/clastix/kamaji/api/v1alpha1"
+)
+
+var _ = Describe("Deploy TenantControlPlane addons with custom env vars", func() {
+ ctx := context.Background()
+
+ var kubeconfigFile *os.File
+ var tcp *kamajiv1alpha1.TenantControlPlane
+
+ // Delete the TenantControlPlane resource after test is finished
+ JustAfterEach(func() {
+ Expect(os.Remove(kubeconfigFile.Name())).ToNot(HaveOccurred())
+ Expect(k8sClient.Delete(ctx, tcp)).Should(Succeed())
+ })
+
+ // Check TenantControlPlane CoreDNS addon
+ It("Should handle CoreDNS extra env var configuration", func() {
+ By("creating TCP with default CoreDNS addon configuration", func() {
+ tcp = CreateKindTCPWithAddons("default", "tcp-coredns-extra-env-var", kamajiv1alpha1.AddonsSpec{CoreDNS: &kamajiv1alpha1.AddonSpec{}})
+
+ Expect(k8sClient.Create(ctx, tcp)).NotTo(HaveOccurred())
+ StatusMustEqualTo(tcp, kamajiv1alpha1.VersionReady)
+ })
+
+ var clientset *kubernetes.Clientset
+
+ By("getting TCP clientset", func() {
+ clientset, kubeconfigFile = GetTenantClientSet(tcp)
+ })
+
+ By("checking env vars for default CoreDNS deployment are empty", func() {
+ CheckTemplateContainerEnvVars(clientset, "Deployment", "kube-system", "coredns", "coredns", []corev1.EnvVar{}, true)
+ })
+
+ extraVars := []corev1.EnvVar{{Name: "MY_VAR", Value: "MY_VALUE"}}
+
+ By("adding extra env vars for CoreDNS", func() {
+ updatedTCP := &kamajiv1alpha1.TenantControlPlane{}
+
+ Eventually(func() error {
+ Expect(k8sClient.Get(ctx, types.NamespacedName{Name: tcp.Name, Namespace: tcp.Namespace}, updatedTCP)).Should(Succeed())
+ updatedTCP.Spec.Addons.CoreDNS = &kamajiv1alpha1.AddonSpec{ExtraEnvs: extraVars}
+
+ return k8sClient.Update(ctx, updatedTCP)
+ }).WithTimeout(1 * time.Minute).WithPolling(30 * time.Second).Should(Succeed())
+
+ StatusMustEqualTo(updatedTCP, kamajiv1alpha1.VersionReady)
+ })
+
+ By("checking extra env vars for updated CoreDNS deployment are present", func() {
+ CheckTemplateContainerEnvVars(clientset, "Deployment", "kube-system", "coredns", "coredns", extraVars, false)
+ })
+ })
+
+ // Check TenantControlPlane Konnectivity addon
+ It("Should handle Konnectivity extra env var configuration", func() {
+ By("creating TCP with default Konnectivity addon configuration", func() {
+ konnectivityAddon := &kamajiv1alpha1.KonnectivitySpec{
+ KonnectivityServerSpec: kamajiv1alpha1.KonnectivityServerSpec{
+ Port: 30132,
+ },
+ }
+
+ tcp = CreateKindTCPWithAddons("default", "tcp-konnectivity-extra-env-var", kamajiv1alpha1.AddonsSpec{Konnectivity: konnectivityAddon})
+
+ Expect(k8sClient.Create(ctx, tcp)).NotTo(HaveOccurred())
+ StatusMustEqualTo(tcp, kamajiv1alpha1.VersionReady)
+ })
+
+ var clientset *kubernetes.Clientset
+
+ By("getting TCP clientset", func() {
+ clientset, kubeconfigFile = GetTenantClientSet(tcp)
+ })
+
+ By("checking env vars for default Konnectivity agent are empty", func() {
+ CheckTemplateContainerEnvVars(clientset, "DaemonSet", "kube-system", "konnectivity-agent", "konnectivity-agent", []corev1.EnvVar{}, true)
+ })
+
+ By("checking env vars for default Konnectivity server are empty", func() {
+ CheckTCPContainerEnvVars(k8sClient, *tcp, "konnectivity-server", []corev1.EnvVar{}, true)
+ })
+
+ extraVars := []corev1.EnvVar{{Name: "MY_VAR", Value: "MY_VALUE"}}
+
+ By("adding extra env vars for Konnectivy server", func() {
+ updatedTCP := &kamajiv1alpha1.TenantControlPlane{}
+
+ Eventually(func() error {
+ Expect(k8sClient.Get(ctx, types.NamespacedName{Name: tcp.Name, Namespace: tcp.Namespace}, updatedTCP)).Should(Succeed())
+ updatedTCP.Spec.Addons.Konnectivity = &kamajiv1alpha1.KonnectivitySpec{
+ KonnectivityServerSpec: kamajiv1alpha1.KonnectivityServerSpec{
+ Port: 30132,
+ ExtraEnvs: extraVars,
+ },
+ }
+
+ return k8sClient.Update(ctx, updatedTCP)
+ }).WithTimeout(1 * time.Minute).WithPolling(30 * time.Second).Should(Succeed())
+
+ StatusMustEqualTo(updatedTCP, kamajiv1alpha1.VersionReady)
+ })
+
+ By("checking env vars for updated Konnectivity agent are still empty", func() {
+ CheckTemplateContainerEnvVars(clientset, "DaemonSet", "kube-system", "konnectivity-agent", "konnectivity-agent", []corev1.EnvVar{}, true)
+ })
+
+ By("checking extra env vars for updated Konnectivity server are present", func() {
+ CheckTCPContainerEnvVars(k8sClient, *tcp, "konnectivity-server", extraVars, false)
+ })
+
+ By("adding extra env vars for Konnectivy agent", func() {
+ updatedTCP := &kamajiv1alpha1.TenantControlPlane{}
+
+ Eventually(func() error {
+ Expect(k8sClient.Get(ctx, types.NamespacedName{Name: tcp.Name, Namespace: tcp.Namespace}, updatedTCP)).Should(Succeed())
+ updatedTCP.Spec.Addons.Konnectivity = &kamajiv1alpha1.KonnectivitySpec{
+ KonnectivityAgentSpec: kamajiv1alpha1.KonnectivityAgentSpec{
+ ExtraEnvs: extraVars,
+ },
+ KonnectivityServerSpec: kamajiv1alpha1.KonnectivityServerSpec{
+ Port: 30132,
+ ExtraEnvs: extraVars,
+ },
+ }
+
+ return k8sClient.Update(ctx, updatedTCP)
+ }).WithTimeout(1 * time.Minute).WithPolling(30 * time.Second).Should(Succeed())
+
+ StatusMustEqualTo(updatedTCP, kamajiv1alpha1.VersionReady)
+ })
+
+ By("checking extra env vars for updated Konnectivity agent are present", func() {
+ CheckTemplateContainerEnvVars(clientset, "DaemonSet", "kube-system", "konnectivity-agent", "konnectivity-agent", extraVars, false)
+ })
+
+ By("checking extra env vars for updated Konnectivity server are still present", func() {
+ CheckTCPContainerEnvVars(k8sClient, *tcp, "konnectivity-server", extraVars, false)
+ })
+ })
+
+ // Check TenantControlPlane KubeProxy addon
+ It("Should handle KubeProxy extra env var configuration", func() {
+ By("creating TCP with default KubeProxy addon configuration", func() {
+ tcp = CreateKindTCPWithAddons("default", "tcp-kubeproxy-extra-env-var", kamajiv1alpha1.AddonsSpec{KubeProxy: &kamajiv1alpha1.AddonSpec{}})
+
+ Expect(k8sClient.Create(ctx, tcp)).NotTo(HaveOccurred())
+ StatusMustEqualTo(tcp, kamajiv1alpha1.VersionReady)
+ })
+
+ var clientset *kubernetes.Clientset
+
+ By("getting TCP clientset", func() {
+ clientset, kubeconfigFile = GetTenantClientSet(tcp)
+ })
+
+ defaultVars := []corev1.EnvVar{
+ {
+ Name: "NODE_NAME",
+ ValueFrom: &corev1.EnvVarSource{
+ FieldRef: &corev1.ObjectFieldSelector{
+ APIVersion: "v1",
+ FieldPath: "spec.nodeName",
+ },
+ },
+ },
+ }
+
+ By("checking env vars for default KubeProxy DaemonSet are set to defaults", func() {
+ CheckTemplateContainerEnvVars(clientset, "DaemonSet", "kube-system", "kube-proxy", "kube-proxy", defaultVars, true)
+ })
+
+ extraVars := []corev1.EnvVar{{Name: "MY_VAR", Value: "MY_VALUE"}}
+
+ By("adding extra env vars for KubeProxy", func() {
+ updatedTCP := &kamajiv1alpha1.TenantControlPlane{}
+
+ Eventually(func() error {
+ Expect(k8sClient.Get(ctx, types.NamespacedName{Name: tcp.Name, Namespace: tcp.Namespace}, updatedTCP)).Should(Succeed())
+ updatedTCP.Spec.Addons.KubeProxy = &kamajiv1alpha1.AddonSpec{ExtraEnvs: extraVars}
+
+ return k8sClient.Update(ctx, updatedTCP)
+ }).WithTimeout(1 * time.Minute).WithPolling(30 * time.Second).Should(Succeed())
+
+ StatusMustEqualTo(updatedTCP, kamajiv1alpha1.VersionReady)
+ })
+
+ By("checking extra env vars for updated KubeProxy deployment are present", func() {
+ CheckTemplateContainerEnvVars(clientset, "DaemonSet", "kube-system", "kube-proxy", "kube-proxy", extraVars, false)
+ })
+ })
+})
diff --git a/e2e/utils_test.go b/e2e/utils_test.go
index be1053e0..201788c9 100644
--- a/e2e/utils_test.go
+++ b/e2e/utils_test.go
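Review bot: The `JustAfterEach` cleanup in tcp_addon_extraenv_test.go calls `kubeconfigFile.Name()` unconditionally, so a spec that fails before `GetTenantClientSet` returns (for example at `k8sClient.Create`) hits a nil `*os.File` in the first spec, or a failed `os.Remove` on the previous spec's already-deleted file in later ones, and `k8sClient.Delete(ctx, tcp)` is never reached. A failure inside `GetTenantClientSet` after `os.CreateTemp` has the opposite effect: the file is never handed back to the spec, so a temp file that may already hold the tenant's `admin.conf` stays on disk. Registering each cleanup where the resource is created keeps the two independent, e.g. `DeferCleanup(func() { Expect(k8sClient.Delete(ctx, tcp)).To(Succeed()) })` right after the create, and an `os.Remove` registered inside `GetTenantClientSet` right after `os.CreateTemp`. The `Expect(k8sClient.Get(...))` inside each `Eventually(func() error { ... })` also aborts the spec on the first failed Get instead of retrying; returning the error lets the poll do its job.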
@@ -8,22 +8,27 @@ import ( "context" "fmt" "io" + "os" "os/exec" "time" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + gomegaTypes "github.com/onsi/gomega/types" + appsv1 "k8s.io/api/apps/v1" corev1 "k8s.io/api/core/v1" discoveryv1 "k8s.io/api/discovery/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/kubernetes" + "k8s.io/client-go/tools/clientcmd" "k8s.io/client-go/util/retry" pointer "k8s.io/utils/ptr" "sigs.k8s.io/controller-runtime/pkg/client" gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" kamajiv1alpha1 "github.com/clastix/kamaji/api/v1alpha1" + "github.com/clastix/kamaji/internal/utilities" ) func GetKindIPAddress() string { @@ -33,6 +38,41 @@ func GetKindIPAddress() string { return ep.Endpoints[0].Addresses[0] } +func CreateKindTCPWithAddons(tcpNamespace string, tcpName string, addons kamajiv1alpha1.AddonsSpec) *kamajiv1alpha1.TenantControlPlane { + return &kamajiv1alpha1.TenantControlPlane{ + ObjectMeta: metav1.ObjectMeta{ + Name: tcpName, + Namespace: tcpNamespace, + }, + Spec: kamajiv1alpha1.TenantControlPlaneSpec{ + ControlPlane: kamajiv1alpha1.ControlPlane{ + Deployment: kamajiv1alpha1.DeploymentSpec{ + Replicas: pointer.To(int32(1)), + }, + Service: kamajiv1alpha1.ServiceSpec{ + ServiceType: "NodePort", + }, + }, + NetworkProfile: kamajiv1alpha1.NetworkProfileSpec{ + Address: GetKindIPAddress(), + AllowAddressAsExternalIP: true, + Port: 30001, + }, + Kubernetes: kamajiv1alpha1.KubernetesSpec{ + Version: "v1.28.0", + Kubelet: kamajiv1alpha1.KubeletSpec{ + CGroupFS: "cgroupfs", + }, + AdmissionControllers: kamajiv1alpha1.AdmissionControllers{ + "LimitRanger", + "ResourceQuota", + }, + }, + Addons: addons, + }, + } +} + func PrintTenantControlPlaneInfo() { tcpList := &kamajiv1alpha1.TenantControlPlaneList{} Expect(k8sClient.List(context.Background(), tcpList)).ToNot(HaveOccurred()) 
@@ -268,3 +308,143 @@ func CreateGatewayWithListeners(gatewayName, namespace, gatewayClassName, hostna } Expect(k8sClient.Create(context.Background(), gateway)).NotTo(HaveOccurred()) } + +func GetTenantClientSet(tcp *kamajiv1alpha1.TenantControlPlane) (*kubernetes.Clientset, *os.File) { + GinkgoHelper() + + var clientset *kubernetes.Clientset + ctx := context.Background() + + kubeconfigFile, err := os.CreateTemp("", fmt.Sprintf("tcp-clientset-%s", string(tcp.ObjectMeta.UID))) + Expect(err).ToNot(HaveOccurred()) + + Eventually(func() (err error) { + if err := k8sClient.Get(ctx, types.NamespacedName{Namespace: tcp.GetNamespace(), Name: tcp.GetName()}, tcp); err != nil { + _, _ = fmt.Fprintln(GinkgoWriter, "DEBUG: cannot retrieve TCP:", err.Error()) + + return err + } + + secret := &corev1.Secret{} + + if err = k8sClient.Get(ctx, types.NamespacedName{Namespace: tcp.GetNamespace(), Name: tcp.Status.KubeConfig.Admin.SecretName}, secret); err != nil { + _, _ = fmt.Fprintln(GinkgoWriter, "DEBUG: cannot retrieve kubeconfig secret name:", err.Error()) + + return err + } + + _, err = kubeconfigFile.Write(secret.Data["admin.conf"]) + + return err + }, time.Minute, 5*time.Second).ShouldNot(HaveOccurred()) + + config, err := clientcmd.BuildConfigFromFlags("", kubeconfigFile.Name()) + Expect(err).ToNot(HaveOccurred()) + + clientset, err = kubernetes.NewForConfig(config) + Expect(err).ToNot(HaveOccurred()) + + return clientset, kubeconfigFile +} + +func GetDaemonSetContainers(clientset *kubernetes.Clientset, namespace string, name string) []corev1.Container { + var daemonSet *appsv1.DaemonSet + var err error + + Eventually(func() error { + daemonSet, err = clientset.AppsV1().DaemonSets(namespace).Get(context.Background(), name, metav1.GetOptions{}) + + return err + }).WithTimeout(1 * time.Minute).WithPolling(10 * time.Second).To(Succeed()) + + return daemonSet.Spec.Template.Spec.Containers +} + +func GetDeploymentContainers(clientset *kubernetes.Clientset, namespace string, name 
string) []corev1.Container { + var deployment *appsv1.Deployment + var err error + + Eventually(func() error { + deployment, err = clientset.AppsV1().Deployments(namespace).Get(context.Background(), name, metav1.GetOptions{}) + + return err + }).WithTimeout(1 * time.Minute).WithPolling(10 * time.Second).To(Succeed()) + + return deployment.Spec.Template.Spec.Containers +} + +func CheckTemplateContainerEnvVars(clientset *kubernetes.Clientset, resourceKind string, resourceNamespace string, resourceName string, containerName string, expectedVars []corev1.EnvVar, only bool) { + GinkgoHelper() + + var envVarMatcher gomegaTypes.GomegaMatcher + + if only { + if len(expectedVars) > 0 { + envVarMatcher = HaveExactElements(expectedVars) + } else { + envVarMatcher = Or(BeNil(), BeEmpty()) + } + } else { + envVarMatcher = ContainElements(expectedVars) + } + + Eventually(func() []corev1.EnvVar { + var containers []corev1.Container + + By("getting containers for ressource", func() { + switch resourceKind { + case "DaemonSet": + containers = GetDaemonSetContainers(clientset, resourceNamespace, resourceName) + case "Deployment": + containers = GetDeploymentContainers(clientset, resourceNamespace, resourceName) + default: + containers = []corev1.Container{} + } + }) + + var container corev1.Container + + By("checking for named container", func() { + _, at := utilities.HasNamedContainer(containers, containerName) + container = containers[at] + }) + + return container.Env + }).WithTimeout(1 * time.Minute).WithPolling(10 * time.Second).To(envVarMatcher) +} + +func CheckTCPContainerEnvVars(k8sClient client.Client, tcp kamajiv1alpha1.TenantControlPlane, containerName string, expectedVars []corev1.EnvVar, only bool) { + GinkgoHelper() + + var envVarMatcher gomegaTypes.GomegaMatcher + + if only { + if len(expectedVars) > 0 { + envVarMatcher = HaveExactElements(expectedVars) + } else { + envVarMatcher = Or(BeNil(), BeEmpty()) + } + } else { + envVarMatcher = ContainElements(expectedVars) + 
} + + Eventually(func() []corev1.EnvVar { + var containers []corev1.Container + + By("getting containers for TCP deployment", func() { + tcpDeployment := appsv1.Deployment{} + Expect(k8sClient.Get(context.Background(), types.NamespacedName{Name: tcp.Name, Namespace: tcp.Namespace}, &tcpDeployment)).NotTo(HaveOccurred()) + + containers = tcpDeployment.Spec.Template.Spec.Containers + }) + + var container corev1.Container + + By("checking for named container", func() { + _, at := utilities.HasNamedContainer(containers, containerName) + container = containers[at] + }) + + return container.Env + }).WithTimeout(1 * time.Minute).WithPolling(10 * time.Second).To(envVarMatcher) +} diff --git a/internal/builders/controlplane/konnectivity_server.go b/internal/builders/controlplane/konnectivity_server.go index f4ed9977..2511d23c 100644 --- a/internal/builders/controlplane/konnectivity_server.go +++ b/internal/builders/controlplane/konnectivity_server.go @@ -75,6 +75,17 @@ func (k Konnectivity) buildKonnectivityContainer(tcpVersion string, addon *kamaj args["--server-count"] = fmt.Sprintf("%d", replicas) podSpec.Containers[index].Args = utilities.ArgsFromMapToSlice(args) + + envVars := utilities.EnvarsFromSliceToMap(podSpec.Containers[index].Env) + + extraEnvVars := utilities.EnvarsFromSliceToMap(addon.KonnectivityServerSpec.ExtraEnvs) + + for k, v := range extraEnvVars { + envVars[k] = v + } + + podSpec.Containers[index].Env = utilities.EnvarsFromMapToSlice(envVars) + podSpec.Containers[index].LivenessProbe = &corev1.Probe{ InitialDelaySeconds: 30, TimeoutSeconds: 60, diff --git a/internal/resources/addons/coredns.go b/internal/resources/addons/coredns.go index a0af973c..a6fabb66 100644 --- a/internal/resources/addons/coredns.go +++ b/internal/resources/addons/coredns.go 
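Review bot: Both `CheckTemplateContainerEnvVars` and `CheckTCPContainerEnvVars` discard the found flag from `utilities.HasNamedContainer` and index `containers[at]` regardless, so a missing container either panics inside the `Eventually` poll (the `default:` branch of the kind switch yields an empty slice, where any index is out of range) or silently inspects whichever container `at` points at. Keep the flag and fail the poll attempt on it: take `g Gomega` as the polled function's first parameter, then `found, at := utilities.HasNamedContainer(containers, containerName)` followed by `g.Expect(found).To(BeTrue(), "container %q not found", containerName)`. Returning an empty env instead would let the "are empty" checks pass for a container that does not exist. `GetTenantClientSet` also writes `secret.Data["admin.conf"]` without checking the key is present and never closes the temp file; asserting the key and closing after the write would make failures easier to read.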
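Review bot: The merge seeds `envVars` from `podSpec.Containers[index].Env`, so if `podSpec` is the pod spec read back from the existing Deployment (the hunk does not show where it comes from), an entry later removed from `spec.addons.konnectivity.server.extraEnvs` is picked up again on the next reconcile and never leaves the container. That matters for anything a user wants to withdraw, such as a `secretKeyRef` or a proxy variable, and the e2e test in this commit only covers adding entries. agent.go starts from an empty map instead; doing the same here, or keeping the built-in variables in their own list and merging ExtraEnvs onto that, makes removal work. The loop variable in `for k, v := range extraEnvVars` also shadows the receiver `k` here and in `KubeProxy.decodeManifests`; `for name, env := range extraEnvVars` avoids that. `buildKonnectivityContainer` starts and ends outside the hunk.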
@@ -245,6 +245,16 @@ func (c *CoreDNS) decodeManifests(ctx context.Context, tcp *kamajiv1alpha1.Tenan } addons_utils.SetKamajiManagedLabels(c.deployment) + envVars := utilities.EnvarsFromSliceToMap(c.deployment.Spec.Template.Spec.Containers[0].Env) + + extraEnvVars := utilities.EnvarsFromSliceToMap(tcp.Spec.Addons.CoreDNS.ExtraEnvs) + + for k, v := range extraEnvVars { + envVars[k] = v + } + + c.deployment.Spec.Template.Spec.Containers[0].Env = utilities.EnvarsFromMapToSlice(envVars) + if err = utilities.DecodeFromYAML(string(parts[2]), c.configMap); err != nil { return fmt.Errorf("unable to decode ConfigMap manifest: %w", err) } diff --git a/internal/resources/addons/kube_proxy.go b/internal/resources/addons/kube_proxy.go index 5e222b3f..c0028ff8 100644 --- a/internal/resources/addons/kube_proxy.go +++ b/internal/resources/addons/kube_proxy.go @@ -375,5 +375,15 @@ func (k *KubeProxy) decodeManifests(ctx context.Context, tcp *kamajiv1alpha1.Ten } addon_utils.SetKamajiManagedLabels(k.daemonSet) + envVars := utilities.EnvarsFromSliceToMap(k.daemonSet.Spec.Template.Spec.Containers[0].Env) + + extraEnvVars := utilities.EnvarsFromSliceToMap(tcp.Spec.Addons.KubeProxy.ExtraEnvs) + + for k, v := range extraEnvVars { + envVars[k] = v + } + + k.daemonSet.Spec.Template.Spec.Containers[0].Env = utilities.EnvarsFromMapToSlice(envVars) + return nil } diff --git a/internal/resources/konnectivity/agent.go b/internal/resources/konnectivity/agent.go index 8fe18570..e62137aa 100644 --- a/internal/resources/konnectivity/agent.go +++ b/internal/resources/konnectivity/agent.go 
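Review bot: `tcp.Spec.Addons.CoreDNS.ExtraEnvs` is read without a nil check, and `Containers[0]` is assumed to exist and to be the CoreDNS container. The generated deepcopy in this patch treats `CoreDNS` as an optional pointer, so a TenantControlPlane without the addon would panic the reconciler here, unless `decodeManifests` is only reached when the addon is enabled (not visible in this hunk). A guard such as `if spec := tcp.Spec.Addons.CoreDNS; spec != nil && len(c.deployment.Spec.Template.Spec.Containers) > 0 {` around the merge makes the assumption explicit. The kube_proxy.go hunk reads `tcp.Spec.Addons.KubeProxy.ExtraEnvs` and `k.daemonSet.Spec.Template.Spec.Containers[0]` the same way. `decodeManifests` begins and continues outside the hunk.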
@@ -269,6 +269,17 @@ func (r *Agent) mutate(ctx context.Context, tenantControlPlane *kamajiv1alpha1.T } podTemplateSpec.Spec.Containers[0].Args = utilities.ArgsFromMapToSlice(args) + + envVars := make(map[string]corev1.EnvVar) + + extraEnvs := utilities.EnvarsFromSliceToMap((tenantControlPlane.Spec.Addons.Konnectivity.KonnectivityAgentSpec.ExtraEnvs)) + + for k, v := range extraEnvs { + envVars[k] = v + } + + podTemplateSpec.Spec.Containers[0].Env = utilities.EnvarsFromMapToSlice(envVars) + podTemplateSpec.Spec.Containers[0].VolumeMounts = []corev1.VolumeMount{ { MountPath: "/var/run/secrets/tokens", diff --git a/internal/utilities/envvars.go b/internal/utilities/envvars.go new file mode 100644 index 00000000..4c67bf8f --- /dev/null +++ b/internal/utilities/envvars.go @@ -0,0 +1,34 @@ +// Copyright 2022 Clastix Labs +// SPDX-License-Identifier: Apache-2.0 + +package utilities + +import ( + "sort" + + corev1 "k8s.io/api/core/v1" +) + +// EnvarsFromSliceToMap transforms a slice of envvar into a map, simplifying the subsequent mangling. +func EnvarsFromSliceToMap(envs []corev1.EnvVar) (m map[string]corev1.EnvVar) { + m = make(map[string]corev1.EnvVar) + + for _, env := range envs { + m[env.Name] = env + } + + return m +} + +// EnvarsFromMapToSlice create the slice of env vars, and sorting the resulting output in order to make it idempotent. +func EnvarsFromMapToSlice(envs map[string]corev1.EnvVar) (slice []corev1.EnvVar) { + for _, env := range envs { + slice = append(slice, env) + } + + sort.Slice(slice, func(i, j int) bool { + return slice[i].Name < slice[j].Name + }) + + return slice +} diff --git a/internal/utilities/envvars_test.go b/internal/utilities/envvars_test.go new file mode 100644 index 00000000..c7d0b2c3 --- /dev/null +++ b/internal/utilities/envvars_test.go 
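Review bot: In `mutate`, `envVars` starts as an empty map, so whatever `Env` the agent container already carried is discarded and only `ExtraEnvs` survive, whereas the other three call sites in this patch merge on top of the existing list. If replacing is intended (the surrounding code also assigns `Args` and `VolumeMounts` wholesale), the copy loop is a no-op and the block reduces to `podTemplateSpec.Spec.Containers[0].Env = utilities.EnvarsFromMapToSlice(utilities.EnvarsFromSliceToMap(tenantControlPlane.Spec.Addons.Konnectivity.KonnectivityAgentSpec.ExtraEnvs))` with a comment such as `// the agent container has no built-in env; extraEnvs are the full list`. If merging is intended, seed the map from `podTemplateSpec.Spec.Containers[0].Env` as the other builders do. The doubled parentheses around the argument can be dropped either way. `mutate` begins and continues outside the hunk.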
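Review bot: Sorting by name in `EnvarsFromMapToSlice` discards declaration order, and Kubernetes expands `$(VAR)` references in an env value only against variables defined earlier in the list. A manifest or `extraEnvs` entry that depends on a later-sorting name therefore stops resolving once it goes through the map round trip. An order-preserving merge is just as deterministic, because both inputs are already ordered slices: it replaces same-named entries in place and appends new names in the order given. The sketch below uses a suggested name and could replace the slice-to-map-to-slice sequence at the four call sites. The doc comments would also read better as "converts a slice of env vars into a map keyed by name" and "builds a slice of env vars sorted by name so the output is deterministic".

```go
// MergeEnvVars returns base with every entry of extra applied on top of it.
// An extra entry replaces the base entry of the same name in place; new names
// are appended in the order given, so $(VAR) references keep resolving.
func MergeEnvVars(base, extra []corev1.EnvVar) []corev1.EnvVar {
	if len(base)+len(extra) == 0 {
		// Keep returning nil for "no variables", as EnvarsFromMapToSlice does.
		return nil
	}

	merged := make([]corev1.EnvVar, 0, len(base)+len(extra))
	index := make(map[string]int, len(base)+len(extra))

	for _, list := range [][]corev1.EnvVar{base, extra} {
		for _, env := range list {
			if at, seen := index[env.Name]; seen {
				merged[at] = env

				continue
			}

			index[env.Name] = len(merged)
			merged = append(merged, env)
		}
	}

	return merged
}
```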
@@ -0,0 +1,79 @@ +// Copyright 2022 Clastix Labs +// SPDX-License-Identifier: Apache-2.0 + +package utilities + +import ( + "maps" + "slices" + "testing" + + corev1 "k8s.io/api/core/v1" +) + +type TestData struct { + Slice []corev1.EnvVar + Map map[string]corev1.EnvVar +} + +var testData map[string]TestData + +func init() { + testData = map[string]TestData{ + "empty slice": { + Slice: []corev1.EnvVar{}, + Map: map[string]corev1.EnvVar{}, + }, + + "regular slice": { + Slice: []corev1.EnvVar{ + { + Name: "var_0", + Value: "value_0", + }, + { + Name: "var_1", + Value: "value_1", + }, + { + Name: "var_2", + Value: "value_2", + }, + }, + Map: map[string]corev1.EnvVar{ + "var_2": { + Name: "var_2", + Value: "value_2", + }, + "var_0": { + Name: "var_0", + Value: "value_0", + }, + "var_1": { + Name: "var_1", + Value: "value_1", + }, + }, + }, + } +} + +func TestEnvarsFromSliceToMap(t *testing.T) { + for name, data := range testData { + result := EnvarsFromSliceToMap(data.Slice) + + if !maps.Equal(data.Map, result) { + t.Errorf("Failed %q test: expected result %+v, but got %+v", name, data.Map, result) + } + } +} + +func TestEnvarsFromMapToSlice(t *testing.T) { + for name, data := range testData { + result := EnvarsFromMapToSlice(data.Map) + + if !slices.Equal(data.Slice, result) { + t.Errorf("Failed %q test: expected result %+v, but got %+v", name, data.Slice, result) + } + } +} From 6fcbfe81eacf371af5bf6f6b885ac7ab612785f2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Masset?= <86793256+smasset-orange@users.noreply.github.com> Date: Mon, 26 Jan 2026 16:29:08 +0100 Subject: [PATCH 2/2] feat(e2e): split e2e Make task to make local testing faster MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Sébastien Masset <86793256+smasset-orange@users.noreply.github.com> --- Makefile | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index d97a1582..4eb49cca 100644 
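Review bot: The table only covers an empty list and three distinct literal values, so it does not pin the cases the callers rely on: a duplicate name in the input slice (last entry wins) and entries that carry `ValueFrom`. For the latter, `maps.Equal` and `slices.Equal` compare `corev1.EnvVar` with `==`, which checks the `ValueFrom` pointer and not what it points to, so such a case needs `reflect.DeepEqual` or the apimachinery semantic equality helper. Because `testData` is shared by both directions, a duplicate-name case cannot round-trip and needs its own slice-to-map test. Wrapping each case in `t.Run(name, func(t *testing.T) { ... })` and declaring the table as a local `var` instead of filling a package-level variable in `init()` also keeps the exported-looking `TestData` type out of the package's test namespace.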
--- a/Makefile +++ b/Makefile @@ -265,16 +265,26 @@ cleanup: kind $(KIND) delete cluster --name kamaji .PHONY: e2e -e2e: env build load helm ginkgo cert-manager gateway-api envoy-gateway ## Create a KinD cluster, install Kamaji on it and run the test suite. +e2e: env e2e-setup e2e-test + +.PHONY: e2e-setup +e2e-setup: build load helm ginkgo cert-manager gateway-api envoy-gateway ## Create a KinD cluster, install Kamaji on it and run the test suite. $(HELM) upgrade --debug --install kamaji-crds ./charts/kamaji-crds --create-namespace --namespace kamaji-system $(HELM) repo add clastix https://clastix.github.io/charts $(HELM) dependency build ./charts/kamaji $(HELM) upgrade --debug --install kamaji ./charts/kamaji --create-namespace --namespace kamaji-system --set "image.tag=$(VERSION)" --set "image.pullPolicy=Never" --set "telemetry.disabled=true" $(MAKE) datastores - $(GINKGO) -v ./e2e ##@ Document +.PHONY: e2e-redeploy +e2e-redeploy: build load + $(HELM) upgrade --debug --install kamaji ./charts/kamaji --create-namespace --namespace kamaji-system --set "image.tag=$(VERSION)" --set "image.pullPolicy=Never" --set "telemetry.disabled=true" + +.PHONY: e2e-test +e2e-test: build load + $(GINKGO) -v ./e2e + CAPI_URL = https://github.com/clastix/cluster-api-control-plane-provider-kamaji.git CAPI_DIR := $(shell mktemp -d) CRDS_DIR := $(shell mktemp -d)
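Review bot: The `##` help text moved unchanged onto `e2e-setup`, where it still says "run the test suite" although that target no longer runs Ginkgo, and `e2e`, `e2e-redeploy` and `e2e-test` have no help text at all. Suggested: `e2e: env e2e-setup e2e-test ## Create a KinD cluster, install Kamaji on it and run the test suite.` and `e2e-setup: build load helm ginkgo cert-manager gateway-api envoy-gateway ## Install Kamaji and its dependencies on the KinD cluster.`, with a one-line `##` on each of the two new targets. The new targets also appear to be added below the `##@ Document` heading, so the help output would list them under that section; placing them above it keeps the e2e targets together. `e2e` now depends on its prerequisites running left to right, which `make -j` does not guarantee, so invoking the three steps as sequential `$(MAKE)` calls in the recipe would be safer.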
NameTypeDescriptionRequired
key string - ImageTag allows to specify a tag for the image. -In case this value is set, kubeadm does not change automatically the version of the above components during upgrades.
+ The key of the secret to select from. Must be a valid secret key.
+
true
namestring + Name of the referent. +This field is effectively required, but due to backwards compatibility is +allowed to be empty. Instances of this type with an empty value here are +almost certainly wrong. +More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+
+ Default:
+
false
optionalboolean + Specify whether the Secret or its key must be defined
false