package v1beta1
import (
harbormetav1 "github.com/plotly/harbor-operator/apis/meta/v1alpha1"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +genclient
// NOTE: json tags are required. Any new fields you add must have json tags for the fields to be serialized.
// +kubebuilder:object:root=true
// +kubebuilder:storageversion
// +k8s:openapi-gen=true
// +resource:path=chartmuseum
// +kubebuilder:subresource:status
// +kubebuilder:resource:categories="goharbor"
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`,description="Timestamp representing the server time when this object was created. It is not guaranteed to be set in happens-before order across separate operations. Clients may not set this value. It is represented in RFC3339 form and is in UTC.",priority=1
// +kubebuilder:printcolumn:name="Failure",type=string,JSONPath=`.status.conditions[?(@.type=="Failed")].message`,description="Human readable message describing the failure",priority=5
// ChartMuseum is the Schema for the ChartMuseum API.
// It carries the standard type and object metadata, the desired
// configuration in Spec and the shared component status in Status
// (exposed as a status subresource by the marker above).
type ChartMuseum struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Spec is the desired ChartMuseum configuration.
	Spec ChartMuseumSpec `json:"spec,omitempty"`
	// Status uses the component status type shared across the operator's meta API.
	Status harbormetav1.ComponentStatus `json:"status,omitempty"`
}
// +kubebuilder:object:root=true
// ChartMuseumList contains a list of ChartMuseum.
type ChartMuseumList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items is always serialized (no omitempty on the tag).
	Items []ChartMuseum `json:"items"`
}
// ChartMuseumSpec defines the desired state of ChartMuseum.
// Only Chart is required by the schema; logging, authentication, server,
// feature toggles, cache and network settings are all optional.
type ChartMuseumSpec struct {
	harbormetav1.ComponentSpec `json:",inline"`
	CertificateInjection       `json:",inline"`

	// NOTE(review): Authentication below is optional and so is every field
	// inside it, so the schema accepts a ChartMuseum with no authentication
	// configured. What the operator deploys in that case is not visible in
	// this file - confirm before relying on it.

	// +kubebuilder:validation:Optional
	// Logging options
	Log ChartMuseumLogSpec `json:"log,omitempty"`
	// +kubebuilder:validation:Optional
	// Authentication options (anonymous GET, basic auth, bearer)
	Authentication ChartMuseumAuthSpec `json:"authentication,omitempty"`
	// +kubebuilder:validation:Optional
	// HTTP server options (TLS, timeouts, upload size, CORS)
	Server ChartMuseumServerSpec `json:"server,omitempty"`
	// +kubebuilder:validation:Optional
	// Disable some features
	Disable ChartMuseumDisableSpec `json:"disable,omitempty"`
	// +kubebuilder:validation:Optional
	// Cache stores
	Cache ChartMuseumCacheSpec `json:"cache,omitempty"`
	// +kubebuilder:validation:Required
	// Chart handling and storage options
	Chart ChartMuseumChartSpec `json:"chart"`
	// +kubebuilder:validation:Optional
	Network *harbormetav1.Network `json:"network,omitempty"`
}
// ChartMuseumServerSpec groups the HTTP server settings: TLS, socket
// timeouts, the upload size limit and the CORS allow-origin value.
type ChartMuseumServerSpec struct {
	// NOTE(review): TLS is optional. What the server does when it is unset
	// (presumably plain HTTP) is not visible in this file - confirm.

	// +kubebuilder:validation:Optional
	TLS *harbormetav1.ComponentsTLSSpec `json:"tls,omitempty"`

	// NOTE(review): the duration Pattern used for ReadTimeout and
	// WriteTimeout has no ^...$ anchors and every group in it is optional.
	// If the API server applies the pattern as an unanchored search, it
	// matches any string and validates nothing - confirm and consider
	// anchoring it.

	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="string"
	// +kubebuilder:validation:Pattern="([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)?"
	// Socket read timeout
	ReadTimeout *metav1.Duration `json:"readTimeout,omitempty"`
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="string"
	// +kubebuilder:validation:Pattern="([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)?"
	// Socket write timeout
	WriteTimeout *metav1.Duration `json:"writeTimeout,omitempty"`

	// NOTE(review): the schema only enforces a lower bound of 0 on
	// MaxUploadSize; there is no upper bound, and the meaning of 0 is not
	// shown here. The default 20971520 is 20 MiB.

	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:default=20971520
	// Max size of post body (in bytes)
	MaxUploadSize *int64 `json:"maxUploadSize,omitempty"`

	// NOTE(review): CORSAllowOrigin has no validation marker beyond
	// Optional, so any string is accepted, including a wildcard. Prefer an
	// explicit origin when the server sits behind authentication.

	// +kubebuilder:validation:Optional
	// Value to set in the Access-Control-Allow-Origin HTTP header
	CORSAllowOrigin string `json:"corsAllowOrigin,omitempty"`
}
// ChartMuseumChartSpec groups chart-handling settings: upload form field
// names, the absolute chart URL, overwrite and versioning policy, the
// storage backend (required), the indexer and the repo depth.
type ChartMuseumChartSpec struct {
	// +kubebuilder:validation:Optional
	// Form fields which will be queried
	PostFormFieldName ChartMuseumPostFormFieldNameSpec `json:"postFormFieldName,omitempty"`

	// NOTE(review): the URL Pattern is not anchored with ^...$. If it is
	// applied as an unanchored search, any value merely containing
	// "http://" or "https://" passes - confirm and consider anchoring.

	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern="https?://.*"
	// The absolute url for .tgz files in index.yaml
	URL string `json:"url,omitempty"`

	// NOTE(review): AllowOverwrite defaults to true, so an already
	// published chart version can be replaced by a later upload without the
	// ?force querystring. Consumers that pin a chart by version alone then
	// have no guarantee the content is unchanged; set this to false (and
	// see ChartMuseumDisableSpec.ForceOverwrite) where published versions
	// must be immutable.

	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	// Allow chart versions to be re-uploaded without ?force querystring
	AllowOverwrite *bool `json:"allowOverwrite,omitempty"`
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	// Enforce the chart museum server only accepts the valid chart version as Helm does
	SemanticVersioning2Only bool `json:"onlySemver2"`
	// +kubebuilder:validation:Required
	// Storage backend for charts
	Storage ChartMuseumChartStorageSpec `json:"storage"`
	// +kubebuilder:validation:Optional
	// Repo indexer options
	Index ChartMuseumChartIndexSpec `json:"index,omitempty"`
	// +kubebuilder:validation:Optional
	// Repo nesting options
	Repo ChartMuseumChartRepoSpec `json:"repo,omitempty"`
}
// ChartMuseumChartRepoSpec controls how many path levels make up a repo
// name, which is what provides multitenancy.
type ChartMuseumChartRepoSpec struct {
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	// The length of repo variable
	DepthDynamic bool `json:"depthDynamic"`
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Minimum=0
	// +kubebuilder:default=1
	// Levels of nested repos for multitenancy
	// Harbor: must be set to 1 to support project namespace
	Depth *int32 `json:"depth,omitempty"`
}
// ChartMuseumChartStorageSpec selects the storage driver (inlined) and an
// optional per-tenant cap on stored objects.
type ChartMuseumChartStorageSpec struct {
	ChartMuseumChartStorageDriverSpec `json:",inline"`

	// NOTE(review): the JSON key is the singular "maxStorageObject" while
	// the Go field is plural; renaming the key would break existing
	// manifests, so it is only recorded here.

	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Minimum=0
	// Maximum number of objects allowed in storage (per tenant)
	MaxStorageObjects *int64 `json:"maxStorageObject,omitempty"`
}
// ChartMuseumChartStorageDriverSpec lists the supported storage backends,
// one optional pointer per driver.
type ChartMuseumChartStorageDriverSpec struct {
	// NOTE(review): every driver is optional and nothing in this schema
	// requires exactly one to be set. Presumably that is enforced elsewhere
	// (webhook or controller) - confirm.

	// +kubebuilder:validation:Optional
	Amazon *ChartMuseumChartStorageDriverAmazonSpec `json:"amazon,omitempty"`
	// +kubebuilder:validation:Optional
	OpenStack *ChartMuseumChartStorageDriverOpenStackSpec `json:"openstack,omitempty"`
	// +kubebuilder:validation:Optional
	FileSystem *ChartMuseumChartStorageDriverFilesystemSpec `json:"filesystem,omitempty"`
	// +kubebuilder:validation:Optional
	Azure *ChartMuseumChartStorageDriverAzureSpec `json:"azure,omitempty"`
	// +kubebuilder:validation:Optional
	Gcs *ChartMuseumChartStorageDriverGcsSpec `json:"gcs,omitempty"`
	// +kubebuilder:validation:Optional
	Oss *ChartMuseumChartStorageDriverOssSpec `json:"oss,omitempty"`
}
// ChartMuseumChartStorageDriverOssSpec configures the OSS storage driver:
// endpoint, access key ID, a reference for the access secret, the bucket
// and an optional path prefix.
type ChartMuseumChartStorageDriverOssSpec struct {
	// +kubebuilder:validation:Required
	Endpoint string `json:"endpoint"`
	// +kubebuilder:validation:Required
	AccessKeyID string `json:"accessKeyID"`

	// NOTE(review): AccessSecretRef is presumably the name of a Secret
	// holding the access key secret - verify against the controller. Unlike
	// the Amazon driver's AccessSecretRef it carries no name Pattern.

	// +kubebuilder:validation:Required
	AccessSecretRef string `json:"accessSecretRef"`
	// +kubebuilder:validation:Required
	Bucket string `json:"bucket"`
	// +kubebuilder:validation:Optional
	PathPrefix string `json:"pathPrefix,omitempty"`
}
// ChartMuseumChartStorageDriverGcsSpec configures the Gcs storage driver:
// bucket, a reference to the key data, and optional path prefix and chunk
// size.
type ChartMuseumChartStorageDriverGcsSpec struct {
	// +kubebuilder:validation:Required
	// bucket to store charts for Gcs storage
	Bucket string `json:"bucket"`

	// NOTE(review): the field name suggests KeyDataSecretRef is the name of
	// a Secret whose content is the base64 encoded key file, not the key
	// material itself - confirm, and keep key data out of the custom
	// resource. No name Pattern is applied to this reference.

	// +kubebuilder:validation:Required
	// The base64 encoded json file which contains the key
	KeyDataSecretRef string `json:"keyDataSecretRef"`
	// +kubebuilder:validation:Optional
	PathPrefix string `json:"pathPrefix,omitempty"`
	// +kubebuilder:validation:Optional
	ChunkSize string `json:"chunksize,omitempty"`
}
// ChartMuseumChartStorageDriverAzureSpec configures the Azure storage
// driver. Every field is optional in the schema; BaseURL and PathPrefix
// have defaults.
type ChartMuseumChartStorageDriverAzureSpec struct {
	// +kubebuilder:validation:Optional
	AccountName string `json:"accountname,omitempty"`

	// NOTE(review): AccountKeyRef is presumably the name of a Secret holding
	// the account key - verify against the controller. It carries no name
	// Pattern, and the schema allows it to be empty.

	// +kubebuilder:validation:Optional
	AccountKeyRef string `json:"accountkeyRef,omitempty"`
	// +kubebuilder:validation:Optional
	Container string `json:"container,omitempty"`
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=core.windows.net
	BaseURL string `json:"baseURL,omitempty"`
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=/azure/harbor/charts
	PathPrefix string `json:"pathPrefix,omitempty"`
}
// ChartMuseumChartStorageDriverAmazonSpec configures the amazon (S3)
// storage driver. Only Bucket is required by the schema.
type ChartMuseumChartStorageDriverAmazonSpec struct {
	// +kubebuilder:validation:Required
	// S3 bucket to store charts for amazon storage
	Bucket string `json:"bucket"`
	// +kubebuilder:validation:Optional
	// Alternative s3 endpoint
	Endpoint string `json:"endpoint,omitempty"`
	// +kubebuilder:validation:Optional
	// Prefix to store charts for the bucket
	Prefix string `json:"prefix,omitempty"`
	// +kubebuilder:validation:Optional
	// Region of the bucket
	Region string `json:"region,omitempty"`

	// NOTE(review): ServerSideEncryption is optional and has no enum or
	// pattern, so the schema neither requires encryption at rest nor
	// restricts the algorithm name.

	// +kubebuilder:validation:Optional
	// ServerSideEncryption is the algorithm for server side encryption
	ServerSideEncryption string `json:"serverSideEncryption,omitempty"`
	// +kubebuilder:validation:Optional
	AccessKeyID string `json:"accessKeyID,omitempty"`

	// NOTE(review): the AccessSecretRef Pattern has no ^...$ anchors. If it
	// is applied as an unanchored search, it only requires one matching
	// substring rather than a fully valid name - confirm and consider
	// anchoring. The field is presumably a Secret name; verify against the
	// controller.

	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern="[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*"
	AccessSecretRef string `json:"accessSecretRef,omitempty"`
}
// ChartMuseumChartStorageDriverOpenStackSpec configures the openstack
// storage backend: the container, its prefix and region, the identity
// endpoint, and the tenant/domain/user identifiers plus a reference to the
// password secret.
type ChartMuseumChartStorageDriverOpenStackSpec struct {
	// +kubebuilder:validation:Required
	// Container to store charts for openstack storage backend
	Container string `json:"container"`
	// +kubebuilder:validation:Optional
	// Prefix to store charts for the container
	Prefix string `json:"prefix,omitempty"`
	// +kubebuilder:validation:Optional
	// Region of the container
	Region string `json:"region,omitempty"`

	// NOTE(review): AuthenticationURL has no Pattern, so the schema does not
	// require an https:// scheme even though both examples use one.

	// +kubebuilder:validation:Required
	// URL for obtaining an auth token.
	// https://storage.myprovider.com/v2.0 or https://storage.myprovider.com/v3/auth
	AuthenticationURL string `json:"authenticationURL"`
	// +kubebuilder:validation:Optional
	// Your Openstack tenant name.
	// You can either use tenant or tenantid.
	Tenant string `json:"tenant,omitempty"`
	// +kubebuilder:validation:Optional
	// Your Openstack tenant ID.
	// You can either use tenant or tenantid.
	TenantID string `json:"tenantID,omitempty"`
	// +kubebuilder:validation:Optional
	// Your Openstack domain name for Identity v3 API. You can either use domain or domainid.
	Domain string `json:"domain,omitempty"`
	// +kubebuilder:validation:Optional
	// Your Openstack domain ID for Identity v3 API. You can either use domain or domainid.
	DomainID string `json:"domainID,omitempty"`
	// +kubebuilder:validation:Optional
	// The Openstack user name. You can either use username or userid.
	Username string `json:"username,omitempty"`
	// +kubebuilder:validation:Optional
	// The Openstack user id. You can either use username or userid.
	UserID string `json:"userid,omitempty"`

	// NOTE(review): PasswordRef is marked Required but its JSON tag carries
	// omitempty, unlike the other required fields in this struct; one of
	// the two is presumably unintended. The Pattern also has no ^...$
	// anchors, so if it is applied as an unanchored search it does not
	// guarantee a fully valid Secret name - confirm both.

	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Pattern="[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*"
	// Secret name containing the Openstack password.
	PasswordRef string `json:"passwordRef,omitempty"`
}
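// ChartMuseumChartStorageDriverFilesystemSpec configures the filesystem
// storage driver: the volume that backs it and an optional prefix.
type ChartMuseumChartStorageDriverFilesystemSpec struct {
	// NOTE(review): VolumeSource is the full core/v1 volume source type, so
	// the schema accepts every volume kind that type can express. Restrict
	// who may create ChartMuseum objects accordingly, or confirm that the
	// controller narrows the accepted kinds.

	// +kubebuilder:validation:Required
	// Volume backing the chart storage
	VolumeSource corev1.VolumeSource `json:"volumeSource"`
	// The marker below was misspelled "Optionel", which is not the
	// validation marker used everywhere else in this file.
	// +kubebuilder:validation:Optional
	Prefix string `json:"prefix,omitempty"`
}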
// ChartMuseumChartIndexSpec tunes the repo indexer: its parallel scan limit
// and the timestamp drift it tolerates before invalidating a cached index.
type ChartMuseumChartIndexSpec struct {
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Minimum=0
	// Parallel scan limit for the repo indexer
	ParallelLimit *int32 `json:"parallelLimit,omitempty"`

	// NOTE(review): this duration Pattern has no ^...$ anchors and every
	// group in it is optional. If it is applied as an unanchored search it
	// matches any string - confirm and consider anchoring.

	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Type="string"
	// +kubebuilder:validation:Pattern="([0-9]+h)?([0-9]+m)?([0-9]+s)?([0-9]+ms)?([0-9]+us)?([0-9]+µs)?([0-9]+ns)?"
	// Timestamp drift tolerated between cached and generated index before invalidation
	StorageTimestampTolerance *metav1.Duration `json:"storageTimestampTolerance,omitempty"`
}
// ChartMuseumPostFormFieldNameSpec names the upload form fields that carry
// the chart file and its provenance file. Both default to the values Harbor
// expects.
type ChartMuseumPostFormFieldNameSpec struct {
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:default="chart"
	// Form field which will be queried for the chart file content
	// Harbor: Expecting chart to use with Harbor
	Chart string `json:"chart,omitempty"`
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:default="prov"
	// Form field which will be queried for the provenance file content
	// Harbor: Expecting prov to use with Harbor
	Provenance string `json:"provenance,omitempty"`
}
// ChartMuseumLogSpec holds the logging switches: JSON output, debug
// messages, /health request logging and the latency format.
type ChartMuseumLogSpec struct {
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	// Output structured logs as json
	JSON bool `json:"json"`
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	// Show debug messages
	Debug bool `json:"debug"`
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	// Log inbound /health requests
	Health bool `json:"health"`
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=true
	// Log latency as an integer instead of a string
	LatencyInteger *bool `json:"latencyInteger,omitempty"`
}
// ChartMuseumAuthSpec selects how clients authenticate: optional anonymous
// GET, a reference to basic-auth credentials, and bearer authentication.
type ChartMuseumAuthSpec struct {
	// NOTE(review): all three fields are optional, so the schema accepts a
	// spec with neither BasicAuthRef nor Bearer set. What the deployed
	// server enforces in that case is not visible in this file - confirm.

	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	// Allow anonymous GET operations when auth is used
	AnonymousGet bool `json:"anonymousGet"`

	// NOTE(review): the BasicAuthRef Pattern has no ^...$ anchors. If it is
	// applied as an unanchored search, it only requires one matching
	// substring rather than a fully valid Secret name - confirm and
	// consider anchoring.

	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern="[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*"
	// Reference to secret containing basic http authentication
	// Harbor: Harbor tries to connect using the chart_controller username
	BasicAuthRef string `json:"basicAuthRef,omitempty"`
	// +kubebuilder:validation:Optional
	// Bearer authentication specs
	Bearer *ChartMuseumAuthBearerSpec `json:"bearer,omitempty"`
}
// ChartMuseumAuthBearerSpec configures bearer authentication: a reference
// to the authorization server certificate, the server URL (realm) and the
// service name. All three are required once Bearer is set.
type ChartMuseumAuthBearerSpec struct {
	// NOTE(review): the CertificateRef Pattern has no ^...$ anchors. If it
	// is applied as an unanchored search, it does not guarantee a fully
	// valid Secret name - confirm and consider anchoring.

	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Pattern="[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*"
	// Reference to secret containing authorization server certificate
	CertificateRef string `json:"certificateRef"`

	// NOTE(review): Realm has no Pattern, so the schema does not require an
	// https:// URL for the authorization server.

	// +kubebuilder:validation:Required
	// Authorization server url
	Realm string `json:"realm"`
	// +kubebuilder:validation:Required
	// Authorization server service name
	Service string `json:"service"`
}
// ChartMuseumDisableSpec holds switches that turn server features off.
// Every switch defaults to false, i.e. the feature stays enabled.
type ChartMuseumDisableSpec struct {
	// NOTE(review): the description of API below is cut off after "prefixed
	// with". ChartMuseum's own --disable-api option documents the prefix as
	// /api - confirm and complete the sentence.

	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	// Disable all routes prefixed with
	API bool `json:"api"`
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	// Disable use of index-cache.yaml
	StateFiles bool `json:"statefiles"`

	// NOTE(review): with the default (false) a client can still replace a
	// published chart version by adding ?force. Set ForceOverwrite to true
	// where published versions must be immutable.

	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	// Do not allow chart versions to be re-uploaded, even with ?force querystring
	ForceOverwrite bool `json:"forceOverwrite"`
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	// Disable Prometheus metrics
	Metrics bool `json:"metrics"`
	// +kubebuilder:validation:Optional
	// +kubebuilder:default=false
	// Disable DELETE route
	Delete bool `json:"delete"`
}
// ChartMuseumCacheSpec selects the cache store. Redis is the only store
// declared here and it is optional.
type ChartMuseumCacheSpec struct {
	// +kubebuilder:validation:Optional
	// Redis cache store
	Redis *harbormetav1.RedisConnection `json:"redis,omitempty"`
}
// init registers the ChartMuseum and ChartMuseumList kinds with the
// package-level SchemeBuilder when the package is loaded.
func init() { //nolint:gochecknoinits
	SchemeBuilder.Register(
		new(ChartMuseum),
		new(ChartMuseumList),
	)
}